multi-agent-orchestration
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
ChineseMulti-Agent Orchestration
Multi-Agent Orchestration
PM 式多 Agent 本地执行编排。它回答一个问题:多个 Agent 如何在同一仓库里用独立 worktree/session 并行干活,并让当前主会话作为 PM 可巡检、可收口、可控制额度消耗。
PM 是当前负责拆解、派工、验收和收口的主会话,不绑定具体产品。Codex 可以做 PM 调 Claude Code 或 OpenCode worker;Claude Code 也可以做 PM 调 Codex 或 OpenCode worker。Skill 只规定角色、隔离、启动、状态和收口协议。
PM-style multi-agent local execution orchestration. It answers one question: how multiple agents can work in parallel in the same repository using independent worktrees/sessions, with the current main session acting as a PM that can inspect, wrap up, and control quota consumption.
PM is the main session responsible for decomposition, task assignment, acceptance, and wrap-up, not bound to specific products. Codex can act as a PM to coordinate Claude Code or OpenCode workers; Claude Code can also act as a PM to coordinate Codex or OpenCode workers. The Skill only defines protocols for roles, isolation, startup, status, and wrap-up.
1. 边界
1. Boundaries
使用本 Skill:
- 需要 2 个以上本地 Agent / Codex / Claude session 并行工作。
- 任务需要独立 worktree、独立分支、独立 PR。
- PM 会话需要启动、监控、纠偏和收口多个 worker。
- 需要把简单任务路由给 Claude Code、Codex、OpenCode 或其他 CLI worker,以控制主会话 token 和不同模型额度消耗。
不使用本 Skill:
- 单个短任务、单文件修改、一次性问答。
- 任务主状态、负责人、依赖管理:用 。
cross-agent-coordination - 分支命名、提交格式、PR merge、push、冲突解决:用 。
git-workflow - 外部 Agent 邮件触发:用对应外部协作/邮件 Skill。
Use this Skill:
- When 2 or more local Agents/Codex/Claude sessions need to work in parallel.
- When tasks require independent worktrees, independent branches, and independent PRs.
- When the PM session needs to start, monitor, correct, and wrap up multiple workers.
- When simple tasks need to be routed to Claude Code, Codex, OpenCode, or other CLI workers to control token consumption of the main session and quota consumption of different models.
Do not use this Skill:
- For single short tasks, single-file modifications, or one-time Q&A.
- For task status management, responsible person tracking, or dependency management: use .
cross-agent-coordination - For branch naming, commit formatting, PR merge, push, or conflict resolution: use .
git-workflow - For external Agent email triggers: use corresponding external collaboration/email Skills.
2. 执行模式
2. Execution Modes
| 模式 | 适用 | 默认隔离 |
|---|---|---|
| PM 直接处理 | 轻量、低风险、无并行价值 | 当前工作区 |
| 同宿主 Subagent | 窄范围分析、审阅、局部修订 | 通常不新建 worktree |
| Claude Code Agent Teams | Claude Code 做 PM 且需要团队式协作 | worktree + branch |
| tmux 独立 CLI session | 需要跨产品 worker、长上下文、独立额度或独立进程 | worktree + branch |
| Claude Code agent view | 需要使用官方后台会话、peek/reply/attach 和 | 可用 Claude 官方 |
| ACP adapter | 项目已提供稳定 adapter,且需要结构化事件流 | adapter 决定,仍建议 worktree + branch |
优先级由项目规则决定。若用户或项目明确要求使用 tmux / 独立 session / 开 worker,进入防逃逸门禁。
| Mode | Applicable Scenarios | Default Isolation |
|---|---|---|
| PM Direct Processing | Lightweight, low-risk tasks with no parallel value | Current workspace |
| Same-host Subagent | Narrow-range analysis, review, or local revisions | Usually no new worktree |
| Claude Code Agent Teams | Claude Code acts as PM and requires team-style collaboration | worktree + branch |
| tmux Independent CLI Session | Requires cross-product workers, long context, independent quota, or independent processes | worktree + branch |
| Claude Code agent view | Needs to use official backend sessions, peek/reply/attach, and | Can use Claude official |
| ACP adapter | Project provides stable adapter and requires structured event flow | Determined by adapter, still recommends worktree + branch |
Priority is determined by project rules. If the user or project explicitly requires tmux/independent session/starting workers, enter the anti-escape gate.
2.1 防逃逸门禁
2.1 Anti-Escape Gate
强制 session 触发条件:
- 用户明确说 、
tmux、独立 session、开 worker、多 Agent 并行、你做 PM / orchestrator,或项目规则要求 tmux / 独立 session。不要你直接写 - 任务需要独立额度、长上下文、后台持续运行、人工可接管,或同时推进 2 个以上本地 worker。
触发后,PM 在任何业务实现前必须完成启动门禁:
- 创建或确认隔离 worktree、语义分支和 Session Context 路径。
- 启动 tmux session;Claude 官方 可作为 Claude 专用等价入口。
--worktree --tmux - 用 /
tmux has-session/tmux list-sessions验证 session 存活,并确认 pane cwd 或 agent cwd 指向目标 worktree。claude agents --json - 给 worker 发送 Bootstrap-only prompt 或 Full worker prompt,prompt 必须包含 Branch、Worktree、Session Context、Runtime Profile、Allowed files、Forbidden files 和验证命令。
- 在 1-2 分钟内确认 出现;若未出现,只能发送 checkpoint-only 纠偏或重启 worker,不得直接接管业务实现。
STATUS.json
降级规则:
- 显式要求 tmux 时,Agent Teams、Subagent、PM 直接处理都不是等价替代;除非用户明确同意降级。
- 显式要求独立 session 但未指定 tmux 时,默认使用 tmux;Claude 官方 可用。Agent view / Agent Teams 只有在能证明独立后台会话、独立 cwd/worktree 和可巡检状态时才可替代。
--worktree --tmux - 门禁失败时,PM 必须报告阻塞和失败点;允许直接修改的仅限 worker prompt、Skill 文档、监控脚本或本地协作配置等编排层文件。
- 若 PM 触发例外直接处理业务代码,最终汇报必须写明例外原因、未使用 session 的具体门禁失败点和用户是否批准降级。
Mandatory session trigger conditions:
- User explicitly mentions ,
tmux,independent session,start workers,multi-agent parallelism,you act as PM/orchestrator, or project rules require tmux/independent session.don't implement directly - Tasks require independent quota, long context, continuous background operation, manual takeover, or simultaneous execution of 2 or more local workers.
After triggering, the PM must complete the startup gate before any business implementation:
- Create or confirm the isolated worktree, semantic branch, and Session Context path.
- Start the tmux session; Claude official can be used as a dedicated equivalent entry for Claude.
--worktree --tmux - Use /
tmux has-session/tmux list-sessionsto verify session survival, and confirm that the pane cwd or agent cwd points to the target worktree.claude agents --json - Send a Bootstrap-only prompt or Full worker prompt to the worker, which must include Branch, Worktree, Session Context, Runtime Profile, Allowed files, Forbidden files, and verification commands.
- Confirm that appears within 1-2 minutes; if not, only send checkpoint-only corrections or restart the worker, do not directly take over business implementation.
STATUS.json
Downgrade rules:
- When tmux is explicitly required, Agent Teams, Subagent, or PM Direct Processing are not equivalent substitutes; unless the user explicitly agrees to downgrade.
- When independent session is explicitly required but tmux is not specified, tmux is used by default; Claude official is available. Agent view/Agent Teams can only be substituted if they can prove independent background sessions, independent cwd/worktree, and inspectable status.
--worktree --tmux - When the gate fails, the PM must report the blockage and failure points; only orchestration layer files such as worker prompts, Skill documents, monitoring scripts, or local collaboration configurations can be directly modified.
- If the PM triggers an exception to directly process business code, the final report must state the exception reason, specific gate failure points for not using the session, and whether the user approved the downgrade.
2.2 角色与后端
2.2 Roles and Backends
先分清角色,再选择后端:
| 角色 | 职责 | 可由谁担任 |
|---|---|---|
| PM | 读取任务源、分组、启动 worker、巡检、验收、合并收口 | 当前 Codex、Claude Code、OpenCode 或其他主会话 |
| Worker | 在指定 worktree/branch 内完成限定任务 | Claude Code、Codex、OpenCode、自定义 CLI、shell 脚本、未来 ACP agent |
| Reviewer | 检查 diff、测试、范围和风险 | PM、另一个 worker、code-review subagent |
PM 代理纪律:
- 如果用户明确要求当前会话做 PM / orchestrator / 多 Agent 编排,PM 默认不直接写业务代码;若同时触发 §2.1,必须先通过启动门禁。
- PM 的核心价值是 token efficiency、模型/额度路由、多线程推进、范围控制和验收收口;实现任务优先派给 worktree worker、独立 CLI session、Agent Teams 或 Subagent。
- PM 可以直接改代码的例外:任务极小且无并行价值、用户明确要求 PM 直接做、worker 连续纠偏失败且只剩窄范围收口、或需要立即修复 PM 自己生成的 orchestration 文档/配置。显式 tmux / 独立 session 要求下,这些例外必须先取得用户确认或记录门禁失败。
- PM 如果越过例外直接下场改代码,应在最终汇报说明原因;常规实现应通过 worker 产物、PM 纠偏和 PR review 完成。
后端选择规则:
- 当前主会话是什么不重要;默认“谁启动编排,谁就是 PM”。
- 需要通过第三方 Anthropic-compatible API 启动 Claude Code 时,worker backend 选 Claude Code;这是 Claude Code worker 的默认额度模式。
- 只有用户明确要走 Claude 订阅/OAuth 时,才使用 profile,并清理第三方 provider 环境变量。
claude-oauth-* - 需要消耗 Codex / OpenAI 额度或使用 Codex 配置时,worker backend 选 Codex。
- 需要消耗 OpenCode 已配置的 provider/model,或要使用 OpenCode 的 /
opencode run能力时,worker backend 选 OpenCode。opencode acp - 需要消耗 WorkBuddy/CodeBuddy 或 QoderWork 平台额度(复用桌面端登录态、零 API Key、含每日免费模型)时,worker backend 选 /
codebuddy;这是跨工具例外(§2.3),适合额度分流或评测 fan-out。两者均由qoderwork-cn统一生成命令(含 qoder 的 SDK 变量清除、codebuddy 的render-runtime-profile.sh);外部 CLI backend 的 worker spawn 默认用 snapshot-copy-into-worktree(DEC-037)自包含。-y - 其他 Agent 只要能用一行命令启动,并能在指定 cwd 读写文件,也可作为 custom CLI worker。
- 需要稳定进程生命周期和人工接管时,优先 ;触发 §2.1 时,
tmux + worktree是默认执行层,不是可静默跳过的建议。tmux + worktree - ACP 只在 adapter 已稳定、能输出结构化状态时启用;没有 adapter 时不要为了协议增加不确定性。
Backend → 默认模型速查表(同宿主 worker 仍按 §2.3 优先;以下默认仅在 PM 主动跨工具或用户明确指定该 backend 时生效):
| Backend | 默认 model(首选 → 备选) | 适用场景 | 备注 |
|---|---|---|---|
| Claude Code | model 见 personal config | 默认主力 host;同 provider 并发上限见 | 详细 provider 映射见 |
| Codex | (见 §2.4 codex_policy) | 用户明确要求时 | 智能高额度贵,默认不主动派 |
| OpenCode | | OpenCode 已有额度 | 按 OpenCode profile |
| model 见 personal config | 用户主动要求 / 主力并发打满溢出(跨平台/跨额度避并发) | SDK 变量需清理 |
| model 见 personal config | 用户主动要求 / 主力并发打满溢出(跨平台/跨额度避并发) | 默认带 |
本表不列具体模型——模型与框架选型是个人偏好(每人可用的 provider/平台额度不同)。具体 model 全在(你的)+config/orchestration-personal.json(通用模板);本表只列 backend 能力 + 模型配置字段位置,缺失时交 PM 按 §2.4 个人偏好读。.example.json
环境/profile 纪律:
- PM 启动 worker 时必须显式写 、settings/profile 路径、模型来源和关键环境变量处理方式,不假定 Claude Code、Codex、OpenCode 共享同一套 shell 环境。
Runtime Profile - Claude Code 第三方 API provider 推荐使用 provider registry:描述多个 provider 的
config/claude-provider-registry.example.json、base_url/auth_token_env、api_key_env和auth_type;真实 registry 放 ignored local 文件,真实 key 优先放环境变量。旧的单 providermodels路径保留兼容。--settings <*.settings.json> - Claude Code 第三方 API provider profile 要保留 /
ANTHROPIC_BASE_URL/ 默认模型映射;不要套用 OAuth 的清理命令。registry 模式由 wrapper 动态生成这些 env,不需要为每个模型维护一个 settings 文件。ANTHROPIC_AUTH_TOKEN - Claude Code 第三方 API provider 必须显式传 ,settings 文件也应包含
--model <provider-model>/ANTHROPIC_MODEL。只传ANTHROPIC_MODEL_NAME不足以隔离用户级--settings或继承环境中的~/.claude/settings.json;实测会出现 settings 指向 GLM、界面和实际默认模型仍显示 MiniMax 的混合状态。ANTHROPIC_MODEL - Claude Code 第三方 API provider 默认由 生成
scripts/render-runtime-profile.shwrapper 命令。wrapper 会先清理继承的 Claude/Anthropic provider 路由变量,再从目标 settings JSON 导入 env,或从 registry 的 provider/model intent 解析 env;补齐scripts/claude-provider-env.sh/ANTHROPIC_AUTH_TOKEN,设置ANTHROPIC_API_KEY,并给CLAUDE_CODE_PROVIDER_MANAGED_BY_HOST=1注入claude,避免用户级--setting-sources project,local的 provider/model 污染本次 worker。~/.claude/settings.json - 只有排障时才可用 绕过 wrapper;PM 必须在 Wave 计划和
--no-provider-env-isolation的METADATA.json中记录这个例外,并启动后核对 banner / STATUS provider。runtime.env_isolation - Claude Code 订阅/OAuth profile 才清理第三方 provider 环境变量,避免误走外部 API。
- Codex / OpenAI worker、OpenCode worker 和 custom CLI worker 使用各自 profile;不要把 Anthropic provider 环境变量当作通用 worker 环境。
- Worker bootstrap 必须把 、版本号、cwd、关键 profile 名和
which claude/codex/opencode等运行信息写入node/npm/python/cargo,便于 PM 判断“环境不一样”是否影响任务。STATUS.json
Clarify roles first, then select backends:
| Role | Responsibilities | Who Can Serve |
|---|---|---|
| PM | Reads task sources, groups tasks, starts workers, inspects, accepts, merges, and wraps up | Current Codex, Claude Code, OpenCode, or other main sessions |
| Worker | Completes limited tasks within the specified worktree/branch | Claude Code, Codex, OpenCode, custom CLI, shell scripts, future ACP agents |
| Reviewer | Checks diffs, tests, scope, and risks | PM, another worker, code-review subagent |
PM Proxy Discipline:
- If the user explicitly requires the current session to act as PM/orchestrator/multi-agent orchestrator, the PM does not directly write business code by default; if §2.1 is triggered simultaneously, the startup gate must be passed first.
- The core value of PM lies in token efficiency, model/quota routing, multi-threaded execution, scope control, and acceptance wrap-up; task implementation is prioritized to be assigned to worktree workers, independent CLI sessions, Agent Teams, or Subagents.
- Exceptions where PM can directly modify code: extremely small tasks with no parallel value, user explicitly requires PM to do it directly, worker fails to correct continuously and only narrow-range wrap-up remains, or immediate repair of orchestration documents/configurations generated by PM itself. Under explicit tmux/independent session requirements, these exceptions must first obtain user confirmation or record gate failures.
- If the PM bypasses exceptions to directly modify code, the reason should be explained in the final report; regular implementation should be completed through worker outputs, PM corrections, and PR reviews.
Backend Selection Rules:
- It doesn't matter what the current main session is; by default, "who starts the orchestration, who is the PM".
- When needing to start Claude Code via a third-party Anthropic-compatible API, select Claude Code as the worker backend; this is the default quota mode for Claude Code workers.
- Only when the user explicitly requires Claude subscription/OAuth, use profiles and clear third-party provider environment variables.
claude-oauth-* - When needing to consume Codex/OpenAI quota or use Codex configurations, select Codex as the worker backend.
- When needing to consume configured providers/models of OpenCode, or use OpenCode's /
opencode runcapabilities, select OpenCode as the worker backend.opencode acp - When needing to consume quota from WorkBuddy/CodeBuddy or QoderWork platforms (reuse desktop login state, zero API Key, includes daily free models), select /
codebuddyas the worker backend; this is a cross-tool exception (§2.3), suitable for quota diversion or evaluation fan-out. Both are uniformly generated byqoderwork-cn(including Qoder's SDK variable clearing, CodeBuddy'srender-runtime-profile.sh); external CLI backend worker spawn uses snapshot-copy-into-worktree (DEC-037) by default for self-containment.-y - Other Agents can also serve as custom CLI workers as long as they can be started with one command and read/write files in the specified cwd.
- When stable process lifecycle and manual takeover are required, prioritize ; when §2.1 is triggered,
tmux + worktreeis the default execution layer, not a suggestion that can be silently skipped.tmux + worktree - ACP is only enabled when the adapter is stable and can output structured status; do not add uncertainty for the protocol when there is no adapter.
Backend → Default Model Quick Reference (same-host workers still prioritize §2.3; the following defaults only take effect when PM actively cross-tools or the user explicitly specifies the backend):
| Backend | Default Model (Preferred → Alternative) | Applicable Scenarios | Notes |
|---|---|---|---|
| Claude Code | See personal config | Default main host; concurrency limit for the same provider see | Detailed provider mapping see |
| Codex | (See §2.4 codex_policy) | When explicitly required by user | High intelligence but expensive quota, not actively assigned by default |
| OpenCode | | OpenCode has available quota | Follow OpenCode profile |
| See personal config | User actively requests / main concurrency is full and overflows (cross-platform/cross-quota to avoid concurrency) | SDK variables need to be cleared |
| See personal config | User actively requests / main concurrency is full and overflows (cross-platform/cross-quota to avoid concurrency) | Default with |
This table does not list specific models—model and framework selection is personal preference (each person has different available provider/platform quotas). Specific models are all in(yours) +config/orchestration-personal.json(general template); this table only lists backend capabilities + model configuration field locations, and if missing, PM reads according to §2.4 personal preferences..example.json
Environment/Profile Discipline:
- When starting workers, PM must explicitly write , settings/profile path, model source, and key environment variable handling methods, do not assume that Claude Code, Codex, and OpenCode share the same shell environment.
Runtime Profile - For Claude Code third-party API providers, it is recommended to use the provider registry: describes
config/claude-provider-registry.example.json,base_url/auth_token_env,api_key_env, andauth_typefor multiple providers; the real registry is placed in ignored local files, and real keys are prioritized in environment variables. The old single providermodelspath is retained for compatibility.--settings <*.settings.json> - Claude Code third-party API provider profiles must retain /
ANTHROPIC_BASE_URL/default model mapping; do not apply OAuth clearing commands. The registry mode dynamically generates these env via wrapper, eliminating the need to maintain a settings file for each model.ANTHROPIC_AUTH_TOKEN - Claude Code third-party API providers must explicitly pass , and the settings file should also include
--model <provider-model>/ANTHROPIC_MODEL. Only passingANTHROPIC_MODEL_NAMEis not enough to isolate the user-level--settingsor inherit~/.claude/settings.jsonin the environment; actual tests show mixed states where settings point to GLM, but the interface and actual default model still display MiniMax.ANTHROPIC_MODEL - By default, Claude Code third-party API providers generate the wrapper command via
scripts/claude-provider-env.sh. The wrapper first clears inherited Claude/Anthropic provider routing variables, then imports env from the target settings JSON, or parses env from the provider/model intent in the registry; supplementsscripts/render-runtime-profile.sh/ANTHROPIC_AUTH_TOKEN, setsANTHROPIC_API_KEY, and injectsCLAUDE_CODE_PROVIDER_MANAGED_BY_HOST=1into--setting-sources project,localto avoid provider/model pollution from user-levelclaudefor this worker.~/.claude/settings.json - Only use to bypass the wrapper during troubleshooting; PM must record this exception in the Wave plan and
--no-provider-env-isolationofruntime.env_isolation, and check the banner/STATUS provider after startup.METADATA.json - Only Claude Code subscription/OAuth profiles clear third-party provider environment variables to avoid mistakenly using external APIs.
- Codex/OpenAI workers, OpenCode workers, and custom CLI workers use their respective profiles; do not treat Anthropic provider environment variables as general worker environments.
- Worker bootstrap must write , version number, cwd, key profile name, and runtime information such as
which claude/codex/opencodeintonode/npm/python/cargo, making it easier for PM to judge whether "different environments" affect the task.STATUS.json
2.3 同宿主优先:不默认跨 Agent 工具
2.3 Same-Host Priority: Do Not Default to Cross-Agent Tools
默认让 worker 与 PM 跑在同一个 Agent 工具里:Claude Code 做 PM 就用 Claude Code worker,Codex 做 PM 就用 Codex worker,OpenCode 同理。不要为了"分流额度"默认把 worker 路由到另一种 Agent 工具。 这条优先于 §2.2 的多 backend 路由建议。
为什么默认同宿主:
- 同宿主 worker 共用一套 auth / settings / 上下文约定,启动和排障成本最低;跨工具会引入不同 profile、不同 env、不同 CLI 行为,编排层不确定性上升。
- 多 Agent 的核心收益是并行 + 范围隔离(独立 worktree / session)+ PM 收口,不是"跨工具"。并行价值来自独立 worktree / session / 额度 lane,与是否换工具无关。
- 跨工具只在有明确理由时才用(见下),不是默认。
同宿主 worker 的 auth 约定(重要,避免误判环境):
- Claude Code PM 启动 Claude Code worker 时,worker 进程继承 PM 的 provider env(第三方 API 的
claude/ANTHROPIC_AUTH_TOKEN,或 OAuth 会话)。即使目标 worktree 的ANTHROPIC_BASE_URL为空或缺省,worker 也能用 PM 的 provider 跑起来,不需要额外的.claude/settings.json。config/*.settings.json - 只有当需要把多个 Claude Code worker 分到不同 provider(例如一部分走 minimax、一部分走 glm)时,才用不同 settings 文件区分 slot;此时仍全部是 Claude Code worker,没有跨工具。
- 判断"worker 是否拿到 provider env"的标准:worker bootstrap 把可用 版本和 provider 来源写进
claude;PM 看到 provider 来源为空或报 401/403 时,再决定是补 settings 还是降级,而不是默认先跨工具。STATUS.json
何时可以跨工具(例外,不是默认):
- 当前宿主 provider 额度 / 限流 / 并发槽位不足以支撑本 Wave,且无法靠"降并发 / 拆下一 Wave"解决。
- 某个 worker 任务明显更适合另一种工具的模型能力(例如超长上下文研究、特定代码栈)。
- 用户明确要求混合 worker(例如"Claude Code 做 PM,重写 worker 用 Codex")。
触发跨工具时的硬要求:PM 必须在 Wave 计划里写明为什么跨、每个 worker 的 backend / profile / auth 来源,以及跨工具带来的额外排障点。§3.1 的 provider slot 分配仍适用,但 slot 默认全部落在 PM 宿主工具上;跨工具 slot 是显式例外,需要在 Wave 摘要里标注。
By default, let workers run in the same Agent tool as the PM: if Claude Code acts as PM, use Claude Code workers; if Codex acts as PM, use Codex workers; same for OpenCode. Do not default to routing workers to another Agent tool for "quota diversion". This takes precedence over the multi-backend routing suggestions in §2.2.
Why same-host by default:
- Same-host workers share a set of auth/settings/context conventions, with the lowest startup and troubleshooting costs; cross-tool introduces different profiles, different env, different CLI behaviors, increasing orchestration layer uncertainty.
- The core benefits of multi-agent are parallelism + scope isolation (independent worktree/session) + PM wrap-up, not "cross-tool". Parallel value comes from independent worktree/session/quota lane, regardless of whether tools are changed.
- Cross-tool is only used when there are clear reasons (see below), not by default.
Auth Conventions for Same-Host Workers (important, avoid environment misjudgment):
- When Claude Code PM starts Claude Code workers, the worker process inherits the PM's provider env (third-party API's
claude/ANTHROPIC_AUTH_TOKEN, or OAuth session). Even if theANTHROPIC_BASE_URLin the target worktree is empty or default, the worker can run using the PM's provider, no additional.claude/settings.jsonrequired.config/*.settings.json - Only when multiple Claude Code workers need to be assigned to different providers (e.g., some use minimax, some use glm), use different settings files to distinguish slots; at this time, all are still Claude Code workers, no cross-tool.
- The standard for judging "whether the worker has obtained the provider env": worker bootstrap writes available version and provider source into
claude; PM decides whether to supplement settings or downgrade only when seeing empty provider source or 401/403 errors, instead of defaulting to cross-tool first.STATUS.json
When Cross-Tool is Allowed (exception, not default):
- The current host provider's quota/rate limit/concurrency slots are insufficient to support this Wave, and cannot be solved by "reducing concurrency/splitting to next Wave".
- A certain worker task is obviously more suitable for the model capabilities of another tool (e.g., ultra-long context research, specific code stack).
- The user explicitly requires mixed workers (e.g., "Claude Code acts as PM, rewrite workers use Codex").
Hard Requirements for Triggering Cross-Tool: PM must write in the Wave plan why cross-tool is used, each worker's backend/profile/auth source, and additional troubleshooting points brought by cross-tool. The provider slot allocation in §3.1 still applies, but slots are all in the PM host tool by default; cross-tool slots are explicit exceptions that need to be marked in the Wave summary.
2.4 个人路由偏好(用户级,可被任何人自定义)
2.4 Personal Routing Preferences (User-Level, Customizable by Anyone)
§2.2 / §2.3 给的是 skill 级默认规则,但每个用户的"主力 / 轮换 / 哪个 backend 给哪个模型"是个个人偏好,不应该硬编码进 skill。机制:
- 配置路径:(在 skill 目录,但 gitignore 不入库——每人本地放自己的实际偏好;不 commit 进仓库,避免把个人模型/框架固化进通用 skill。
config/orchestration-personal.json是入库的通用模板)。.example.json - 模板路径:(schema 文档 / 给 fork 用户的干净模板)。
config/orchestration-personal.example.json - 读取时机:PM 派 worker 前先读 ;缺失则回落
config/orchestration-personal.json默认。.example.json - 作用域:仅声明"偏好"(host、model 轮换、codex policy、跨工具 backend 的默认 model),不声明真实 token / key / endpoint——那些仍归 管。
config/claude-provider-registry.*.json
字段定义(与 example schema 对齐):
| 字段 | 含义 | 缺省回落 |
|---|---|---|
| PM 主力宿主工具(你用的 Agent 工具: | |
| 常规/高端任务的 model(你自选) | 无(必填) |
| 简单任务+多模态/图片解读的 model(你自选) | 无 |
| 任务类型不明时回落(通常 = high_end) | 无 |
| 同一 provider 并发上限(尽量更低避限流连累其他任务) | 用户定(示例 3) |
| 超上限时溢出到哪些 backend(不同平台/额度避并发) | 用户定 |
| | |
| 跨平台 backend 的默认 model(首选在前); | 留空 → 不启用跨平台溢出 |
Codex 硬规则(个人偏好中最重要的一条):
- 时,PM 不主动把任何 worker 路由到 Codex;只有用户当轮明确说"用 Codex"才解封,并写到 Wave 计划里。
codex_policy.policy = "explicit_only" - 这条独立于 §2.3 同宿主优先:即使 §2.3 同宿主工具是 Codex host,PM 仍按此政策判断是否派 worker 到 Codex。
- 想恢复 Codex 默认可用,改 。
policy = "allowed"
与 §2.2 / §2.3 / §3.3 的关系:
- §2.2 backend 表 → §2.4 个人偏好 → §3.3 项目级 provider slot 默认 → 最终 backend / model 选择。优先级 §2.3(不主动跨工具)压 §2.2(多 backend),§2.4 个人偏好压 §2.2 默认 model 表,§3.3 项目级 provider slot 计划压 §2.4 通用 host。
- §2.4 字段命名故意跟 §3.3 项目级 provider slot 不冲突:项目级 slot 写的是"这一 Wave 用哪个 slot 跑哪个 worker"(含 model、max_concurrency);§2.4 写的是"我个人偏好默认用什么 host / 什么 backend 给什么 model"。前者落地到 Wave 计划,后者落地到 PM 派单决策。
TODO(后续增强): 自动读 personal config(解析 → 默认 、解析 → 是否允许 codex backend、解析 → 跨工具 default)当前未实现;本次只做配置 + 文档 + PM 手动遵循,避免无人监督下改脚本引入新不确定性。需要做的时候开新 worker,不要在 PM 任务里顺手改。
scripts/render-runtime-profile.shmain_force.task_routing--modelcodex_policy.policybackend_model_routing.<backend>.default_models§2.2/§2.3 provide skill-level default rules, but each user's "main/rotation/which backend for which model" is a personal preference that should not be hard-coded into the skill. Mechanism:
- Configuration Path: (in the skill directory, but gitignore and not stored in the repository—each person places their actual preferences locally; do not commit to the repository to avoid solidifying personal models/frameworks into the general skill.
config/orchestration-personal.jsonis the general template stored in the repository)..example.json - Template Path: (schema documentation / clean template for fork users).
config/orchestration-personal.example.json - Reading Timing: PM reads before assigning workers; if missing, falls back to
config/orchestration-personal.jsondefaults..example.json - Scope: Only declares "preferences" (host, model rotation, codex policy, default model for cross-tool backends), not real tokens/keys/endpoints—those are still managed by .
config/claude-provider-registry.*.json
Field Definitions (aligned with example schema):
| Field | Meaning | Default Fallback |
|---|---|---|
| PM's main host tool (the Agent tool you use: | |
| Model for regular/high-end tasks (self-selected) | None (required) |
| Model for simple tasks + multimodal/image interpretation (self-selected) | None |
| Fallback when task type is unknown (usually = high_end) | None |
| Concurrency limit for the same provider (try to keep low to avoid rate limit affecting other tasks) | User-defined (example 3) |
| Which backends to overflow to when exceeding the limit (different platforms/quotas to avoid concurrency) | User-defined |
| | |
| Default models for cross-platform backends (preferred first); | Empty → cross-platform overflow not enabled |
Codex Hard Rule (the most important one in personal preferences):
- When , PM does not actively route any workers to Codex; only when the user explicitly says "use Codex" in the current round is it unlocked, and written into the Wave plan.
codex_policy.policy = "explicit_only" - This is independent of §2.3 same-host priority: even if §2.3 same-host tool is Codex host, PM still judges whether to assign workers to Codex according to this policy.
- To restore Codex availability by default, change .
policy = "allowed"
Relationship with §2.2/§2.3/§3.3:
- §2.2 backend table → §2.4 personal preferences → §3.3 project-level provider slot defaults → final backend/model selection. Priority: §2.3 (do not actively cross-tool) overrides §2.2 (multi-backend), §2.4 personal preferences override §2.2 default model table, §3.3 project-level provider slot plan overrides §2.4 general host.
- §2.4 field naming is deliberately not conflicting with §3.3 project-level provider slots: project-level slots write "which slot to use for which worker in this Wave" (including model, max_concurrency); §2.4 writes "my personal preference for default host/which backend for which model". The former is implemented in the Wave plan, the latter in PM's task assignment decisions.
TODO (Future Enhancement): automatically reads personal config (parses → default , parses → whether codex backend is allowed, parses → cross-tool default) is currently not implemented; this time only implements configuration + documentation + manual compliance by PM, avoiding introducing new uncertainty by modifying scripts without supervision. When needed, start a new worker, do not modify it casually in PM tasks.
scripts/render-runtime-profile.shmain_force.task_routing--modelcodex_policy.policybackend_model_routing.<backend>.default_models3. 标准流程
3. Standard Process
- 读任务源与项目配置:若项目提供 或等价配置,先读取 trunk、任务源、验证命令、可复制配置和 hook 边界;再用
.claude/orchestration.config.json判断可执行项、依赖和归属。cross-agent-coordination - 先分组:不要默认一个 Issue 一个 worker。文件范围重叠、同一章节/模块、存在依赖链的任务应同组顺序执行。
- 判定并行安全:只有文件范围清晰、无共享迁移/锁文件/schema、验收标准独立时才拆成多个 worktree 并行。
- 判定是否触发防逃逸门禁:只要用户或项目明确要求 tmux / 独立 session / 开 worker,按 §2.1 执行;门禁未通过前不写业务代码。
- 选择 worker backend 和 runtime profile:按任务复杂度、当前额度、模型偏好和是否需要独立进程,选择 Claude Code / Codex / OpenCode / custom CLI / shell / ACP。
- PM 创建隔离环境:默认由 PM 创建 worktree、分支和 session context 目录,再把路径交给 worker;只有 Claude Code 官方 Agent Teams / agent view 明确使用自身 能力时,才允许由 Claude Code 创建,但 PM 仍要验收分支、路径和隔离状态。
--worktree - 启动 worker 并验证门禁:给每个 worker 明确目标文件、允许修改范围、验证命令、session context 目录、提交和 PR 要求;确认 session 存活、cwd/branch 正确、出现或已发送 bootstrap correction。
STATUS.json - PM 巡检:优先查看 、
.claude/agent-sessions/<session-id>/STATUS.json、RESULT.md、git status、commit/PR 状态;Claude 官方 Agent Teams 则优先读取PATCH_SUMMARY.md和~/.claude/teams/<team>/,~/.claude/tasks/<team>/、tmux pane 或 agent view 作为兜底观察。发现偏题、阻塞、范围扩大或无阶段性提交时介入。claude agents --json - PM 验收而非代写:PM 对 worker 结果做范围检查、测试复核和 review;发现问题优先发纠偏指令或派给 reviewer/另一个 worker,不默认自己改业务代码。
- 收口:worker 提交并开 PR 后,PM 做范围检查、触发 review、按 合并和清理。
git-workflow - PM 必做实操验证:任何软件功能修改(不论 L1/L2/L3)worker 声称"完成"前,PM 必须真正启动 dev server(Vite dev / Tauri dev / 对应入口),用 Playwright MCP 或截图实际打开应用、点击按钮、切换 tab、调整窗口、输入文本,把验证证据(DOM 测量、关键断言、截图)写入 或对应
goal-contract.md。仅靠 typecheck / 单测 / lint / build 全部通过就宣称"完成"是不充分的——这些只证明"代码能编译",不证明"功能真的能用"。RESULT.md
- Read Task Sources and Project Configurations: If the project provides or equivalent configuration, first read trunk, task sources, verification commands, copyable configurations, and hook boundaries; then use
.claude/orchestration.config.jsonto judge executable items, dependencies, and ownership.cross-agent-coordination - Group Tasks First: Do not default to one worker per Issue. Tasks with overlapping file scopes, belonging to the same chapter/module, or having dependency chains should be grouped and executed sequentially.
- Judge Parallel Safety: Only split into multiple worktrees for parallel execution when file scopes are clear, no shared migration/lock files/schema, and acceptance criteria are independent.
- Judge Whether to Trigger Anti-Escape Gate: As long as the user or project explicitly requires tmux/independent session/starting workers, execute according to §2.1; do not write business code before the gate is passed.
- Select Worker Backend and Runtime Profile: Select Claude Code/Codex/OpenCode/custom CLI/shell/ACP according to task complexity, current quota, model preferences, and whether independent processes are needed.
- PM Creates Isolated Environment: By default, PM creates worktree, branch, and session context directory, then passes the path to the worker; only when Claude Code official Agent Teams/agent view explicitly uses its own capability is Claude Code allowed to create, but PM still needs to verify the branch, path, and isolation status.
--worktree - Start Worker and Verify Gate: Give each worker clear target files, allowed modification scope, verification commands, session context directory, commit and PR requirements; confirm session survival, correct cwd/branch, appears, or bootstrap correction has been sent.
STATUS.json - PM Inspection: Prioritize viewing ,
.claude/agent-sessions/<session-id>/STATUS.json,RESULT.md, git status, commit/PR status; for Claude official Agent Teams, prioritize readingPATCH_SUMMARY.mdand~/.claude/teams/<team>/, with~/.claude/tasks/<team>/, tmux pane, or agent view as fallback observation. Intervene when off-topic, blocked, scope expanded, or no phased commits.claude agents --json - PM Accepts Instead of Writing: PM performs scope check, test review, and review on worker results; when problems are found, prioritize sending correction instructions or assigning to reviewer/another worker, do not default to modifying business code by yourself.
- Wrap-Up: After the worker commits and opens a PR, PM performs scope check, triggers review, merges and cleans up according to .
git-workflow - PM Must Perform Practical Verification: Before the worker claims "completion" for any software function modification (regardless of L1/L2/L3), PM must actually start the dev server (Vite dev/Tauri dev/corresponding entry), use Playwright MCP or screenshots to actually open the application, click buttons, switch tabs, adjust windows, input text, and write verification evidence (DOM measurement, key assertions, screenshots) into or corresponding
goal-contract.md. Claiming "completion" only because typecheck/unit test/lint/build all pass is insufficient—these only prove "code can compile", not "function really works".RESULT.md
3.1 Wave-Based Orchestration
3.1 Wave-Based Orchestration
Wave 是在同一 base ref、同一批冲突假设下启动的一组并行 worker。它用来记录“本项目已经并行推进过几轮”、控制并发风险,并让 PM 在每轮结束后复盘 provider/model 表现。
Wave 启动前,PM 必须写清:
- 、base ref、目标、worker 清单、每个 worker 的分支/worktree/session。
wave_id - 每个 worker 的类型:(低风险 UI 接线)、
ui-wiring(共享契约/依赖变更)、contract-extension(Rust/Tauri/本机依赖)、tauri-command、docs/research。custom - runtime profile / provider / model / registry 或 settings/profile 路径 / 额度来源 / 并发槽位。超过 3-4 个 worker 时,不要压在单一 API provider 或同一个 provider key 上;应跨 Claude provider、Codex/OpenAI、OpenCode、local/OSS 等 profile 分流。
- 共享风险:、锁文件、
package.json、src-tauri/、全局布局、DEC 编号或同一模块入口。src/shared/ - 预期 PR 数、收口顺序、下一 Wave 进入条件。
并发数量不是固定 3 个。文件范围独立、验证命令独立、无共享契约冲突时,默认目标可提高到 4-6 个 worker;纯文档、翻译、i18n、互不重叠 UI 接线可以更多。涉及共享依赖、锁文件、Tauri command、全局布局、DEC race 或同一模块入口时,降到 1-3 个并按依赖顺序推进。
Provider slot 分配是 PM 的显式规划,不是脚本自动猜测:
- 一个 slot 表示一条可并发额度 lane:。
backend + settings/profile path + provider + model + max_concurrency - Claude Code 第三方 provider 推荐用 registry + provider id + model alias 区分,例如 +
config/claude-providers.local.json;旧路径也可用具体 settings 文件区分,例如<provider>/<model-alias>。真实 registry/settings 文件保持本地 ignored,不提交;具体用哪个 provider/model 见 personal config。config/<your-provider>.settings.json - Codex 用 Codex profile / model 区分;OpenCode 用 profile 区分;custom worker 写明实际命令来源。
provider/model - 默认同一 provider/settings 文件最多放 3 个 worker;只有低风险任务且上一 Wave 表现稳定时才放到 4 个。需要 5-6 个 worker 时,优先拆到第二 provider 或 Codex/OpenCode/local profile。
- 高风险任务(共享契约、Tauri/Rust、本机依赖、锁文件)优先给上一 Wave 指令遵循和验证表现最好的 profile,且每个高风险共享域通常只开 1 个 worker。
- 如果本机只有一个可用 settings/profile,不要为了凑人数启动 5-6 个 worker;把并发 cap 降到 3-4,剩余任务进入下一 Wave。
6-worker 示例:
| Worker | 任务风险 | Backend | Settings/Profile | Slot |
|---|---|---|---|---|
| W1 | 高 | Claude Code | | |
| W2 | 中 | Claude Code | | |
| W3 | 低 | Claude Code | | |
| W4 | 低 | Claude Code | | |
| W5 | 文档/研究 | Codex | | |
| W6 | 重复性低风险 | OpenCode/custom | | |
Wave 收口时,PM 记录每个 worker 的 / / / / ,并评估模型/provider 表现:Isolation Gate、STATUS 心跳、commit 节奏、范围遵循、验证通过率、review 修复次数、diff 质量、阻塞/幻觉/环境误判。下一 Wave 根据该评估调整任务分配:高风险任务给指令遵循和工程可靠性更好的 profile,低风险重复任务给成本或吞吐更优的 profile。
mergeddone-unmergedblockeddeferredrestartedWave is a group of parallel workers started under the same base ref and same batch of conflict assumptions. It is used to record "how many rounds of parallel execution have been carried out in this project", control concurrency risks, and allow PM to review provider/model performance after each round.
Before starting a Wave, PM must clearly write:
- , base ref, goal, worker list, branch/worktree/session for each worker.
wave_id - Type of each worker: (low-risk UI wiring),
ui-wiring(shared contract/dependency change),contract-extension(Rust/Tauri/native dependency),tauri-command,docs/research.custom - Runtime profile/provider/model/registry or settings/profile path/quota source/concurrency slot. When there are more than 3-4 workers, do not press them on a single API provider or the same provider key; should divert across Claude providers, Codex/OpenAI, OpenCode, local/OSS profiles.
- Shared risks: , lock files,
package.json,src-tauri/, global layout, DEC number, or the same module entry.src/shared/ - Expected number of PRs, wrap-up order, entry conditions for next Wave.
The number of concurrent workers is not fixed at 3. When file scopes are independent, verification commands are independent, and no shared contract conflicts, the default target can be increased to 4-6 workers; pure documents, translation, i18n, non-overlapping UI wiring can have more. When involving shared dependencies, lock files, Tauri command, global layout, DEC race, or the same module entry, reduce to 1-3 workers and execute in dependency order.
Provider slot allocation is an explicit plan by PM, not automatically guessed by scripts:
- A slot represents a concurrent quota lane: .
backend + settings/profile path + provider + model + max_concurrency - For Claude Code third-party providers, it is recommended to distinguish by registry + provider id + model alias, e.g., +
config/claude-providers.local.json; old paths can also be distinguished by specific settings files, e.g.,<provider>/<model-alias>. Real registry/settings files remain locally ignored and not submitted; specific provider/model used see personal config.config/<your-provider>.settings.json - Codex is distinguished by Codex profile/model; OpenCode is distinguished by profile; custom workers specify the actual command source.
provider/model - By default, a maximum of 3 workers are placed in the same provider/settings file; only when tasks are low-risk and the previous Wave performed stably can it be increased to 4. When 5-6 workers are needed, prioritize splitting to the second provider or Codex/OpenCode/local profile.
- High-risk tasks (shared contracts, Tauri/Rust, native dependencies, lock files) are prioritized to profiles with the best instruction compliance and verification performance in the previous Wave, and usually only 1 worker is opened per high-risk shared domain.
- If there is only one available settings/profile locally, do not start 5-6 workers to凑 numbers; reduce the concurrency cap to 3-4, and remaining tasks enter the next Wave.
6-Worker Example:
| Worker | Task Risk | Backend | Settings/Profile | Slot |
|---|---|---|---|---|
| W1 | High | Claude Code | | |
| W2 | Medium | Claude Code | | |
| W3 | Low | Claude Code | | |
| W4 | Low | Claude Code | | |
| W5 | Docs/Research | Codex | | |
| W6 | Repetitive Low-Risk | OpenCode/custom | | |
When wrapping up a Wave, PM records each worker's ////, and evaluates model/provider performance: Isolation Gate, STATUS heartbeat, commit rhythm, scope compliance, verification pass rate, number of review fixes, diff quality, blockage/hallucination/environment misjudgment. Adjust task allocation in the next Wave based on this evaluation: assign high-risk tasks to profiles with better instruction compliance and engineering reliability, assign low-risk repetitive tasks to profiles with better cost or throughput.
mergeddone-unmergedblockeddeferredrestarted3.2 Goal-Driven Multi-Wave Loop
3.2 Goal-Driven Multi-Wave Loop
Orchestration Goal 是 PM 层目标循环,用来让多轮 Wave 在条件满足前持续推进。它不把所有任务交给单个 worker;PM 仍按 Wave 从任务源取下一批安全可并行项,worker 仍只执行自己的窄范围任务。
启动 Goal Loop 前,PM 必须写清 Goal Contract,模板见 :
templates/orchestration-goal.md- 任务源:如 、GitHub Issues、项目配置中的 issue file。
docs/TASKS.md - 成功条件:例如目标范围内没有可执行 pending task、所有已启动 worker 都进入 /
merged/done-unmerged/blocked,主干验证通过,文档已同步。deferred - 自主级别:(只规划下一 Wave)、
plan-only(可自动开下一 Wave)、auto-launch(可自动复核 worker 结果)、auto-review(在项目规则允许时按auto-merge合并)。git-workflow - 上限:最大 wave 数、每轮最大 worker、总 worker、预算/时间、provider 并发槽位。
- 继续条件和停止条件。
PM 可在支持的宿主中使用 Claude Code / Codex 的 来包住 PM loop,但 只负责让 PM 持续执行循环,不替代本 Skill 的 worktree、tmux、checkpoint、review 和 merge 门禁。Goal prompt 必须写明“PM 不直接实现业务代码;实现仍由 worker 完成”。
/goal/goal每轮 Wave 收口后,PM 按以下顺序决定是否自动继续:
- 读取任务源,关闭已完成项,识别可执行 pending task、依赖、文件范围和共享风险。
- 确认当前 Wave 没有未处理的 failed/blocked worker、未验收 PR、base drift、冲突、主干验证失败或敏感/破坏性操作。
- 根据上一 Wave 的 provider/model 评估调整并发:干净通过可维持或小幅增加,出现冲突、范围越界、验证失败或限流则降并发。
- 若仍有可安全并行的任务,创建下一 Wave;若只剩高冲突/高风险任务,降为 1-2 个 worker 或停下请求用户确认。
- 若成功条件满足,写 final goal summary 并停止。
自动继续条件:
- 上一 Wave 的 worker 均为 、
merged、done-unmerged或明确deferred且不会影响下一 Wave。blocked - 所有合并动作已按 处理,base ref、本地主干和远端主干一致或已明确记录差异。
git-workflow - 必需验证通过;跳过的验证有清楚原因且不影响下一 Wave。
- 下一批任务的 allowed/forbidden files 清晰,且没有共享锁文件、schema、全局布局或 DEC 编号 race 未解决。
- provider 并发槽位足够,且没有连续限流、长延迟或 worker 指令遵循退化。
必须停止并汇报的条件:
- 任一 worker 、
failed且影响下一 Wave,或连续两次纠偏无效。blocked - PR 冲突、base drift、主干验证失败、测试不稳定、merge 权限不足或 GitHub/CI 状态不明。
- 下一批任务需要用户产品判断、破坏性文件操作、联网敏感处理、密钥/隐私处理或项目规则未授权的自动合并。
- 任务源含糊、依赖未满足、文件范围高度重叠,或只剩共享契约/锁文件/Tauri command 等高风险任务。
- 达到 Goal Contract 的 wave、worker、时间、预算或 provider 上限。
Orchestration Goal is the PM-level goal loop, used to make multiple rounds of Waves continue to advance until conditions are met. It does not hand all tasks to a single worker; PM still takes the next batch of safely parallelizable items from the task source according to Waves, and workers still only execute their narrow-scope tasks.
Before starting the Goal Loop, PM must clearly write the Goal Contract, template see :
templates/orchestration-goal.md- Task source: e.g., , GitHub Issues, issue file in project configuration.
docs/TASKS.md - Success criteria: e.g., no executable pending tasks within the target scope, all started workers enter /
merged/done-unmerged/blocked, trunk verification passes, documents are synchronized.deferred - Autonomy level: (only plan the next Wave),
plan-only(can automatically start the next Wave),auto-launch(can automatically review worker results),auto-review(merge according toauto-mergewhen project rules allow).git-workflow - Upper limits: maximum number of waves, maximum workers per round, total workers, budget/time, provider concurrency slots.
- Continue conditions and stop conditions.
PM can use Claude Code/Codex's in supported hosts to wrap the PM loop, but only responsible for making PM continue to execute the loop, not replacing the worktree, tmux, checkpoint, review, and merge gates of this Skill. The Goal prompt must clearly state "PM does not directly implement business code; implementation is still completed by workers".
/goal/goalAfter wrapping up each Wave, PM decides whether to continue automatically in the following order:
- Read the task source, close completed items, identify executable pending tasks, dependencies, file scopes, and shared risks.
- Confirm that the current Wave has no unprocessed failed/blocked workers, unaccepted PRs, base drift, conflicts, trunk verification failures, or sensitive/destructive operations.
- Adjust concurrency based on the provider/model evaluation of the previous Wave: maintain or slightly increase if cleanly passed, reduce concurrency if conflicts, scope overstepping, verification failures, or rate limits occur.
- If there are still safely parallelizable tasks, create the next Wave; if only high-conflict/high-risk tasks remain, reduce to 1-2 workers or stop to request user confirmation.
- If success criteria are met, write final goal summary and stop.
Automatic Continue Conditions:
- All workers in the previous Wave are ,
merged,done-unmerged, or clearlydeferredand will not affect the next Wave.blocked - All merge actions have been processed according to , base ref, local trunk, and remote trunk are consistent or differences have been clearly recorded.
git-workflow - Required verifications pass; skipped verifications have clear reasons and do not affect the next Wave.
- Allowed/forbidden files for the next batch of tasks are clear, and there are no unresolved shared lock files, schema, global layout, or DEC number race.
- Provider concurrency slots are sufficient, and there is no continuous rate limit, long delay, or degradation of worker instruction compliance.
Conditions to Stop and Report:
- Any worker is ,
failedand affects the next Wave, or continuous correction fails twice.blocked - PR conflicts, base drift, trunk verification failure, unstable tests, insufficient merge permissions, or unclear GitHub/CI status.
- The next batch of tasks requires user product judgment, destructive file operations, sensitive network processing, key/privacy processing, or automatic merge not authorized by project rules.
- Task source is ambiguous, dependencies are not met, file scopes are highly overlapping, or only high-risk tasks such as shared contracts/lock files/Tauri command remain.
- Reach the wave, worker, time, budget, or provider upper limits in the Goal Contract.
3.3 Optional Project Config
3.3 Optional Project Config
项目可放置 ,模板见 。该配置只声明项目默认值,不替代 PM 判断,也不允许静默执行破坏性动作。
.claude/orchestration.config.jsontemplates/project-config.json配置可声明:
- trunk/base ref、任务源、默认 worktree/session context 路径。
- 按 worker type 拆分的验证命令。
- provider slot 默认计划,供 Goal/Wave 启动清单引用。
- 可复制到 worktree 的非敏感配置文件,例如 或只读模板。
.npmrc.example - post-create / pre-merge hook 命令。
与 §2.4 个人偏好叠加(用户级 vs 项目级):
| 维度 | 用户级(§2.4) | 项目级(§3.3) |
|---|---|---|
| 路径 | | |
| 内容 | 个人主力 host、默认 model 轮换、Codex policy、跨工具 backend 默认 model | trunk / 任务源 / 验证命令 / 本项目 provider slot 默认计划 / hook |
| 谁写 | 用户自己 | 项目维护者 |
| 谁读 | PM 派 worker 前 | PM 启动 Wave 前 |
| 优先级 | 低(个人通用偏好) | 高(项目覆盖个人) |
例:个人偏好 host=claude-code + model=<你的模型>;项目级 provider slot 计划写"本 Wave 的 W3/W4 走 <某 provider>"——则 W3/W4 用该 provider,其他 worker 仍按个人偏好。两者不冲突,也不应互相复制;项目级不写个人偏好字段(避免把 dotfile 化进仓库)。
配置安全规则:
- 永远不要默认复制 、真实 settings、token、key、cookie、证书或账号凭证。
.env - 只允许非敏感文件;
allowed_config_copy命中时必须停止并报告。forbidden_config_copy - hook 默认只是声明。PM 只有在项目规则或用户明确授权时才运行;运行前应展示命令,必要时先 dry-run。
- 不自动读取项目配置、不自动复制配置、不自动执行 hook,避免把可选约定升级成隐式副作用。
spawn-worker.sh - 若配置缺失或字段不清楚,PM 回到 Skill 默认值:trunk=、不复制配置、不跑 hook、只使用 worker prompt 明确列出的验证命令。
main
Projects can place , template see . This configuration only declares project defaults, does not replace PM judgment, and does not allow silent execution of destructive actions.
.claude/orchestration.config.jsontemplates/project-config.jsonConfiguration can declare:
- Trunk/base ref, task source, default worktree/session context path.
- Verification commands split by worker type.
- Default provider slot plan, referenced by Goal/Wave startup list.
- Non-sensitive configuration files that can be copied to worktree, e.g., or read-only templates.
.npmrc.example - Post-create/pre-merge hook commands.
叠加 with §2.4 Personal Preferences (User-Level vs Project-Level):
| Dimension | User-Level (§2.4) | Project-Level (§3.3) |
|---|---|---|
| Path | | |
| Content | Personal main host, default model rotation, Codex policy, default model for cross-tool backends | Trunk/task source/verification commands/default provider slot plan for this project/hooks |
| Who Writes | User themselves | Project maintainers |
| Who Reads | PM before assigning workers | PM before starting Wave |
| Priority | Low (personal general preferences) | High (project overrides personal) |
Example: Personal preference host=claude-code + model=<your model>; project-level provider slot plan writes "W3/W4 of this Wave use <a certain provider>"—then W3/W4 use this provider, other workers still follow personal preferences. The two do not conflict and should not copy each other; project-level does not write personal preference fields (avoid dotfile into repository).
Configuration Security Rules:
- Never copy , real settings, tokens, keys, cookies, certificates, or account credentials by default.
.env - only allows non-sensitive files; must stop and report when
allowed_config_copyis hit.forbidden_config_copy - Hooks are only declarations by default. PM only runs them when authorized by project rules or user explicitly; should display the command before running, and dry-run if necessary.
- does not automatically read project configuration, copy configuration, or execute hooks, avoiding upgrading optional conventions into implicit side effects.
spawn-worker.sh - If configuration is missing or fields are unclear, PM returns to Skill defaults: trunk=, no configuration copied, no hooks run, only use verification commands explicitly listed in worker prompts.
main
4. 命名规则
4. Naming Rules
一处定义、各处引用一致(硬约束,实测踩坑)。 branch / worktree / session / run-dir / spec 必须从同一个 source 派生,在各处(PM Wave 计划、 参数、worker prompt 里写的 Branch/Worktree/Session Context、METADATA.json、回归库 )引用完全一致。实测中 PM 手抖把 的 前缀剥掉、或 branch 与 session 名对不上,直接导致 worker 的 Isolation Gate( / 自检)拦截、sentinel 找不到 、收口 验空 diff。规避:
spawn-worker.shruns/<variant>/wr-v0107-<model-id>-ch08wr-pwdgit branch --show-currentSTATUS.jsongit diff- PM 在 Wave 计划里一次写下 四元组,后续所有
{branch, worktree, session, run-dir}/ 纠偏 / 收口命令都从该四元组复制,不在中途重新键入或简化。tmux send-keys - 内部已从单一 source 派生:
scripts/spawn-worker.sh→BRANCH(worktree-safe)→ 默认safe_branch→WORKTREE=.claude/worktrees/tmux-<safe_branch>。PM 只需保证传入的SESSION_CONTEXT=<worktree>/.claude/agent-sessions/<session>和--branch本身一致且完整,helper 不会再让 worktree 与 branch 脱钩。--session - cross-model / 评测场景的命名四元组带模型标识(见 的 model-aware 命名约定),整条链路用同一个
agent-eval-lab,避免 PM 在不同环节用不同简称。variant_slug
分支名面向远端协作和 PR,必须体现任务语义,不写执行来源。
text
docs/ch01-agent-intro
research/issue-13-ch08-materials
fix/agent-session-shellworktree 路径只用于本地隔离,应加执行来源前缀:
text
.claude/worktrees/tmux-ch01-agent-intro
.claude/worktrees/team-agent-session-shell
.claude/worktrees/subagent-copyedit-ch02不要把 、、、 写进分支名。分支类型前缀和提交/PR 格式以 为准。
tmux-subagent-team-agentteam-git-workflow创建示例:
bash
git worktree add .claude/worktrees/tmux-ch01-agent-intro -b docs/ch01-agent-intro
git worktree add .claude/worktrees/team-agent-shell -b fix/agent-session-shellDefine once, reference consistently everywhere (hard constraint, tested pitfalls). branch/worktree/session/run-dir/spec must be derived from the same source, and referenced exactly consistently everywhere (PM Wave plan, parameters, Branch/Worktree/Session Context written in worker prompt, METADATA.json, regression library ). In actual tests, PM accidentally stripped the prefix from , or branch and session name did not match, directly causing worker's Isolation Gate (self-check of /) to intercept, sentinel to fail to find , and wrap-up to verify empty diff. Avoidance:
spawn-worker.shruns/<variant>/wr-wr-v0107-<model-id>-ch08pwdgit branch --show-currentSTATUS.jsongit diff- PM writes the quadruple once in the Wave plan, and all subsequent
{branch, worktree, session, run-dir}/correction/wrap-up commands are copied from this quadruple, not re-typed or simplified midway.tmux send-keys - internally derives from a single source:
scripts/spawn-worker.sh→BRANCH(worktree-safe) → defaultsafe_branch→WORKTREE=.claude/worktrees/tmux-<safe_branch>. PM only needs to ensure that the passedSESSION_CONTEXT=<worktree>/.claude/agent-sessions/<session>and--branchare consistent and complete, and the helper will not decouple worktree from branch.--session - The naming quadruple for cross-model/evaluation scenarios includes model identification (see model-aware naming convention of ), and the entire link uses the same
agent-eval-lab, avoiding PM using different abbreviations in different links.variant_slug
Branch names are for remote collaboration and PRs, must reflect task semantics, do not write execution sources.
text
docs/ch01-agent-intro
research/issue-13-ch08-materials
fix/agent-session-shellWorktree paths are only for local isolation, should add execution source prefix:
text
.claude/worktrees/tmux-ch01-agent-intro
.claude/worktrees/team-agent-session-shell
.claude/worktrees/subagent-copyedit-ch02Do not write , , , into branch names. Branch type prefixes and commit/PR formats follow .
tmux-subagent-team-agentteam-git-workflowCreation Example:
bash
git worktree add .claude/worktrees/tmux-ch01-agent-intro -b docs/ch01-agent-intro
git worktree add .claude/worktrees/team-agent-shell -b fix/agent-session-shell4.1 Session Context 目录
4.1 Session Context Directory
Worker 的本地状态统一写到当前 worktree 的 (下文简称 Session Context),复用项目既有 协作空间,与 Claude Code 官方 Agent Teams 状态源明确区分。
.claude/agent-sessions/<session-id>/.claude/text
.claude/agent-sessions/legal-ch01/METADATA.json
.claude/agent-sessions/legal-ch01/STATUS.json
.claude/agent-sessions/legal-ch01/RESULT.md
.claude/agent-sessions/legal-ch01/PATCH_SUMMARY.mdClaude Code 官方 Agent Teams 是另一套机制:团队配置在用户目录 ,任务状态在 ,inbox 在 。使用官方 Agent Teams 时优先读写这些官方状态源;不要在项目里自造 来冒充官方 team。
~/.claude/teams/<team-name>/config.json~/.claude/tasks/<team-name>/~/.claude/teams/<team-name>/inboxes/.claude/teams/.claude/agent-sessions/Worker's local status is uniformly written to in the current worktree (hereinafter referred to as Session Context), reusing the project's existing collaboration space, clearly distinguished from Claude Code official Agent Teams status sources.
.claude/agent-sessions/<session-id>/.claude/text
.claude/agent-sessions/legal-ch01/METADATA.json
.claude/agent-sessions/legal-ch01/STATUS.json
.claude/agent-sessions/legal-ch01/RESULT.md
.claude/agent-sessions/legal-ch01/PATCH_SUMMARY.mdClaude Code official Agent Teams is another set of mechanisms: team configuration is in user directory , task status is in , inbox is in . When using official Agent Teams, prioritize reading and writing these official status sources; do not create in the project to impersonate official teams.
~/.claude/teams/<team-name>/config.json~/.claude/tasks/<team-name>/~/.claude/teams/<team-name>/inboxes/.claude/teams/.claude/agent-sessions/5. Worker Prompt 模板
5. Worker Prompt Template
Worker prompt 应像启动 subagent 一样给足上下文:任务来源、验收标准、允许文件、禁止文件、验证命令、checkpoint 协议、隔离自检和 PM 纠偏协议都要写清。不要只给一句“实现某功能”,否则 worker 容易把环境、依赖或相关技术债扩展成自己的任务。
模板放在 ,包含两个可复制段落:
templates/worker-prompt.md- Bootstrap-only prompt:只创建 ,适合高延迟 provider 或 high-effort 模型的第一条消息。
STATUS.json - Full worker prompt:按 Context / Background / Mission / Scope / Deliverables / Process / Verification / Autonomy / Out of Scope / PM Correction 组织,接近派发 subagent 时的写法。
对高延迟 provider 或 high-effort 模型,优先用两段式启动:第一条消息使用 Bootstrap-only prompt 创建 并回报 runtime;PM 确认 checkpoint 后,再发送 Full worker prompt。这样能避免 worker 在长思考前没有可观测状态。
Session Context/STATUS.jsonWorker prompts should provide sufficient context like starting a subagent: task source, acceptance criteria, allowed files, forbidden files, verification commands, checkpoint protocol, isolation self-check, and PM correction protocol must be clearly written. Do not only give a sentence like "implement a certain function", otherwise workers may expand environment, dependencies, or related technical debts into their own tasks.
The template is placed in , containing two copyable paragraphs:
templates/worker-prompt.md- Bootstrap-only prompt: only creates , suitable for the first message of high-latency providers or high-effort models.
STATUS.json - Full worker prompt: organized by Context/Background/Mission/Scope/Deliverables/Process/Verification/Autonomy/Out of Scope/PM Correction, close to the writing style when assigning subagents.
For high-latency providers or high-effort models, prioritize two-stage startup: the first message uses Bootstrap-only prompt to create and report runtime; after PM confirms the checkpoint, send the Full worker prompt. This avoids workers having no observable status before long thinking.
Session Context/STATUS.json5.1 模板使用纪律(必读,实测踩坑)
5.1 Template Usage Discipline (Must Read, Tested Pitfalls)
PM 派 worker 时必须以 的 Full Worker Prompt 为骨架,把业务任务(Issue / 任务卡 / 内容)填进 Background / Mission / Scope / Deliverables / Verification 字段。不要用自定义简化 prompt(例如只写一个 BOOTSTRAP.md 指向业务 文件)替代模板骨架——即便业务 文件写得很细,没有模板骨架的编排层硬约束,worker 仍会在流程层失守。
templates/worker-prompt.md.task-issueN.md.task.task模板里这些段落是 worker 可观测性和收口正确性的硬约束,省略会直接导致收口失败(以下后果均有实测对应):
- Isolation Gate:worker 先确认 /
pwd,否则可能在 main 或错误 worktree 误改。git branch - Heartbeat cadence(每 10 分钟强制更 STATUS,即使无进展也写 ):PM 靠
phase=thinking-deep检测 silent worker。省略则 worker 写一次初始 STATUS 后再也不更新,PM 巡检信号失真、无法判断卡点。STATUS.updated_at - Commit Cadence + "commit 是强制收尾步骤":即使任务要求"不 push / 不开 PR",worker 也必须先 +
git add自己的产出。省略则 worker 改完文件不 commit,PM 收口时git commit验的是空 diff(HEAD 仍在 base,假通过),PM 只能替 worker commit。rebase / reset 后尤其要重新确认改动已 commit。git diff --check main...HEAD - Canonical terminal status(字面值):sentinel 状态机按字面
status="done"匹配。省略则 worker 可能写done/completed同义词,sentinel 不退出、PM 不被 harness 唤醒、worker 孤儿到finished超时。--max-wait
业务任务文件( 等)可作为 Mission / Scope 的附件让 worker 读取,但编排层骨架(Isolation Gate / Heartbeat / Commit / done 字面值)必须来自模板,不能靠业务文件或自定义 BOOTSTRAP 兜底。PM 若发现自己在手写 BOOTSTRAP 替代模板,应停下,改为套用 再派发。
.task-issueN.mdtemplates/worker-prompt.mdWhen assigning workers, PM must use the Full Worker Prompt skeleton from , and fill business tasks (Issue/task card/ content) into Background/Mission/Scope/Deliverables/Verification fields. Do not use custom simplified prompts (e.g., only write a BOOTSTRAP.md pointing to business files) to replace the template skeleton—even if the business file is written in detail, without the hard constraints of the orchestration layer skeleton, workers will still lose control at the process layer.
templates/worker-prompt.md.task-issueN.md.task.taskThese paragraphs in the template are hard constraints for worker observability and wrap-up correctness, and omitting them will directly lead to wrap-up failure (the following consequences have corresponding actual tests):
- Isolation Gate: Worker first confirms /
pwd, otherwise may modify by mistake in main or wrong worktree.git branch - Heartbeat cadence (force update STATUS every 10 minutes, even write if no progress): PM relies on
phase=thinking-deepto detect silent workers. Omitting it causes workers to write initial STATUS once and never update again, distorting PM inspection signals and making it impossible to judge stuck points.STATUS.updated_at - Commit Cadence + "commit is a mandatory wrap-up step": Even if the task requires "no push/no PR", workers must first +
git addtheir outputs. Omitting it causes workers to modify files without committing, and PM verifies empty diff when wrapping up withgit commit(HEAD is still at base, false pass), and PM has to commit for workers. Especially after rebase/reset, reconfirm that changes have been committed.git diff --check main...HEAD - Canonical terminal status (literal ): The sentinel state machine matches literal
status="done". Omitting it causes workers to write synonyms likedone/completed, sentinel does not exit, PM is not woken up by harness, and worker becomes orphan untilfinishedtimeout.--max-wait
Business task files (, etc.) can be attached to Mission/Scope for workers to read, but the orchestration layer skeleton (Isolation Gate/Heartbeat/Commit/done literal) must come from the template, cannot rely on business files or custom BOOTSTRAP for fallback. If PM finds himself writing BOOTSTRAP instead of using the template, he should stop and instead apply before assigning.
.task-issueN.mdtemplates/worker-prompt.md6. 启动方式
6. Startup Methods
默认工具面保持收敛:
- :新机器或启动 Wave 前做一次 preflight。
check-dependencies.sh - :Claude Code 第三方 provider worker 的 registry/settings-derived env 隔离 wrapper。
claude-provider-env.sh - :为每个 worker 渲染 backend/settings/profile/model/slot 和启动命令。
render-runtime-profile.sh - :创建 worktree、Session Context 和 tmux session。
spawn-worker.sh - :每个 worker 一个,PM 用
sentinel.sh启,worker 终态时唤起 PM(见 §7.2)。run_in_background=true - :多 worker/Wave 巡检;单 worker 或宿主唤醒才用
pm-monitor.sh。wait-worker.sh
项目配置模板见 。PM 可以把其中的 trunk、验证命令和 provider slot 复制到本轮 Goal/Wave 计划,但脚本不会自动套用该配置。
templates/project-config.json其余脚本只在对应场景使用: 做只读总览, 做 dry-run 清理, / 只做 Skill 自测, 只是可选可视化辅助,不属于默认启动路径。
worktree-status.shclean-worktree.shsmoke-tmux-worker.shlint-wait-script.shterminal-split.sh默认用 创建 worktree、Session Context 和 tmux session;它只负责隔离和启动,PM 仍必须发送 并确认 。不同 backend/profile 的启动命令可先用 生成,减少手写环境差异。
scripts/spawn-worker.shtemplates/worker-prompt.mdSTATUS.jsonscripts/render-runtime-profile.shbash
eval "$(bash scripts/render-runtime-profile.sh \
--backend claude-code \
--runtime-profile minimax \
--api-provider minimax \
--model m3 \
--provider-slot minimax-1 \
--provider-registry config/claude-providers.local.json)"
bash scripts/spawn-worker.sh \
--project /path/to/repo \
--branch docs/ch01-agent-intro \
--session legal-ch01 \
--worker-backend "$WORKER_BACKEND" \
--runtime-profile "$RUNTIME_PROFILE" \
--api-provider "$API_PROVIDER" \
--model "$MODEL" \
--provider-slot "$PROVIDER_SLOT" \
--env-isolation "$PROVIDER_ENV_ISOLATION" \
--verify-cmd 'npm run typecheck' \
--command "$WORKER_COMMAND"启动后必须通过最小门禁: 存活、pane cwd 指向 worktree、 等于目标分支、 已记录 base/runtime/verification、 在 1-2 分钟内出现。失败时停止 session 或发送 bootstrap correction,不要在 PM 主目录继续实现。
tmux has-sessiongit branch --show-currentSession Context/METADATA.jsonSession Context/STATUS.json常用 worker command:
- Claude Code 第三方 provider(推荐 registry):用 生成命令;默认会包
render-runtime-profile.sh --backend claude-code --provider-registry <local-registry.json> --api-provider <provider-id> --model <model-alias>,并把模型别名解析成真实scripts/claude-provider-env.sh。真实 registry 不提交;模板见claude --model <provider-model>。config/claude-provider-registry.example.json - Claude Code 第三方 provider(兼容 settings):也可用 生成命令;真实 settings 不提交;模板见
render-runtime-profile.sh --backend claude-code --settings <local-provider.settings.json> --model <provider-model>。启动后必须检查 banner 模型名;若仍显示用户默认 provider,先停 worker 排查 registry/settings / wrapper / 环境继承。config/claude-provider-settings.example.json - Claude Code 订阅/OAuth:。
env -u ANTHROPIC_API_KEY -u ANTHROPIC_AUTH_TOKEN -u ANTHROPIC_BASE_URL claude --permission-mode auto - Claude Code 批处理:用 生成;第三方 provider 同样默认包
render-runtime-profile.sh --backend claude-code --mode batch --settings <settings> --model <provider-model> --prompt-file /tmp/task.prompt.md,batch 输出会自动包claude-provider-env.sh处理重定向。bash -lc - Codex:。
codex exec -a never -s danger-full-access - < /tmp/task.prompt.md - OpenCode:,或交互式
opencode run --format json --model <provider/model> "$(cat /tmp/task.prompt.md)"。opencode --model <provider/model> - WorkBuddy / CodeBuddy():用
codebuddy生成;吃 WorkBuddy 桌面端登录态和平台额度,无需 API Key。详见render-runtime-profile.sh --backend codebuddy --model <平台模型> [--no-mcp] [--dangerously-skip-permissions]。references/08-workbuddy-cli-worker.md - QoderWork CN():用
qoderclicn生成;脚本自动前置render-runtime-profile.sh --backend qoderwork-cn --model <平台模型> [--no-mcp] [--dangerously-skip-permissions]清除 SDK 变量、处理含空格的二进制路径。详见env -u。references/07-qoderwork-cli-worker.md - 自定义 CLI:任何能在指定 cwd 运行、接收 prompt、落盘 checkpoint 的命令。
<bash -lcspawn-worker.sh:305tmux new-session -d -s "$SESSION" -c "$WORKTREE" "$COMMAND"<>|&&--command<bash -lc 'real-command < /tmp/prompt.md'--max-wait--command 'claude -p < /tmp/x.md'--command "bash -lc 'claude -p < /tmp/x.md'"claude batch 模式有 autocompact thrash 风险(FaroPDF Wave 1 实战,见 [DEC-033]): 是 print-and-exit 一发跑完模式,PM 无法中途纠偏。大 prompt(> 5KB)+ 大项目 codebase 会触发 claude 内部 3 次后自动终止,worker 永远不到达终态,sentinel 等到 。规避:(a)拆小 prompt < 3KB;(b)改用交互式 + 投递 prompt(可纠偏);(c)窄 scope worker(避免 claude 加载整个 codebase context)。
-p-pAutocompact is thrashing--max-waitclaudetmux send-keys不要设 :PM 重点是检测 worker 是否真在推进,而不是限制 turn 数。长任务通过 、阶段性 commit、 stale 事件和 PM 纠偏控制。
--max-turnsSTATUS.json.updated_atpm-monitor.shClaude Code agent view / 官方后台会话可作为 Claude 专用后端:、、版本支持时的 、 或 。使用前以本机 / 为准;只有能证明独立 cwd/worktree、可巡检状态和可接管会话时,才可替代 tmux。
claude agentsclaude agents --json--worktree --tmux--bg/bgclaude --helpclaude agents --helpAgent Teams 适合 Claude Code 团队式协作;仍要使用 worktree 隔离并把 指向带来源前缀的 worktree。ACP 只在 adapter 已稳定、能输出结构化状态时启用。Subagent 仅用于轻量、边界窄、输入少的任务;需要长时间写作、独立提交 PR 或跨大量材料整合时升级为 tmux / agent view / Agent Teams。
workdirDefault tool surface remains convergent:
- : Perform preflight once before starting Wave on a new machine.
check-dependencies.sh - : Registry/settings-derived env isolation wrapper for Claude Code third-party provider workers.
claude-provider-env.sh - : Render backend/settings/profile/model/slot and startup command for each worker.
render-runtime-profile.sh - : Create worktree, Session Context, and tmux session.
spawn-worker.sh - : One per worker, PM starts with
sentinel.sh, wakes up PM when worker reaches terminal state (see §7.2).run_in_background=true - : Inspection for multiple workers/Waves; use
pm-monitor.shonly for single worker or host wake-up.wait-worker.sh
Project configuration template see . PM can copy trunk, verification commands, and provider slots from it to the current Goal/Wave plan, but scripts will not automatically apply this configuration.
templates/project-config.jsonOther scripts are only used in corresponding scenarios: for read-only overview, for dry-run cleanup, / only for Skill self-test, is only optional visualization aid, not part of the default startup path.
worktree-status.shclean-worktree.shsmoke-tmux-worker.shlint-wait-script.shterminal-split.shBy default, use to create worktree, Session Context, and tmux session; it only responsible for isolation and startup, PM still must send and confirm . Startup commands for different backends/profiles can be generated first with to reduce manual environment differences.
scripts/spawn-worker.shtemplates/worker-prompt.mdSTATUS.jsonscripts/render-runtime-profile.shbash
eval "$(bash scripts/render-runtime-profile.sh \
--backend claude-code \
--runtime-profile minimax \
--api-provider minimax \
--model m3 \
--provider-slot minimax-1 \
--provider-registry config/claude-providers.local.json)"
bash scripts/spawn-worker.sh \
--project /path/to/repo \
--branch docs/ch01-agent-intro \
--session legal-ch01 \
--worker-backend "$WORKER_BACKEND" \
--runtime-profile "$RUNTIME_PROFILE" \
--api-provider "$API_PROVIDER" \
--model "$MODEL" \
--provider-slot "$PROVIDER_SLOT" \
--env-isolation "$PROVIDER_ENV_ISOLATION" \
--verify-cmd 'npm run typecheck' \
--command "$WORKER_COMMAND"After startup, must pass the minimum gate: is alive, pane cwd points to worktree, equals target branch, has recorded base/runtime/verification, appears within 1-2 minutes. If failed, stop session or send bootstrap correction, do not continue implementation in PM main directory.
tmux has-sessiongit branch --show-currentSession Context/METADATA.jsonSession Context/STATUS.jsonCommon Worker Commands:
- Claude Code third-party provider (recommended registry): Use to generate command; by default wraps
render-runtime-profile.sh --backend claude-code --provider-registry <local-registry.json> --api-provider <provider-id> --model <model-alias>, and parses model alias into realscripts/claude-provider-env.sh. Real registry is not submitted; template seeclaude --model <provider-model>.config/claude-provider-registry.example.json - Claude Code third-party provider (compatible settings): Can also use to generate command; real settings are not submitted; template see
render-runtime-profile.sh --backend claude-code --settings <local-provider.settings.json> --model <provider-model>. After startup, must check banner model name; if still displays user default provider, stop worker first to troubleshoot registry/settings/wrapper/environment inheritance.config/claude-provider-settings.example.json - Claude Code subscription/OAuth: .
env -u ANTHROPIC_API_KEY -u ANTHROPIC_AUTH_TOKEN -u ANTHROPIC_BASE_URL claude --permission-mode auto - Claude Code batch processing: Use to generate; third-party providers also wrap
render-runtime-profile.sh --backend claude-code --mode batch --settings <settings> --model <provider-model> --prompt-file /tmp/task.prompt.mdby default, and batch output is automatically wrapped withclaude-provider-env.shto handle redirection.bash -lc - Codex: .
codex exec -a never -s danger-full-access - < /tmp/task.prompt.md - OpenCode: , or interactive
opencode run --format json --model <provider/model> "$(cat /tmp/task.prompt.md)".opencode --model <provider/model> - WorkBuddy/CodeBuddy (): Use
codebuddyto generate; uses WorkBuddy desktop login state and platform quota, no API Key required. Seerender-runtime-profile.sh --backend codebuddy --model <platform model> [--no-mcp] [--dangerously-skip-permissions]for details.references/08-workbuddy-cli-worker.md - QoderWork CN (): Use
qoderclicnto generate; script automatically prependsrender-runtime-profile.sh --backend qoderwork-cn --model <platform model> [--no-mcp] [--dangerously-skip-permissions]to clear SDK variables and handles binary paths with spaces. Seeenv -ufor details.references/07-qoderwork-cli-worker.md - Custom CLI: Any command that can run in specified cwd, receive prompt, and save checkpoint to disk.
<bash -lcspawn-worker.sh:305tmux new-session -d -s "$SESSION" -c "$WORKTREE" "$COMMAND"<>|&&--command<bash -lc 'real-command < /tmp/prompt.md'--max-wait--command 'claude -p < /tmp/x.md'--command "bash -lc 'claude -p < /tmp/x.md'"claude batch mode has autocompact thrash risk (FaroPDF Wave 1 practice, see [DEC-033]): is print-and-exit one-time run mode, PM cannot correct midway. Large prompt (>5KB) + large project codebase will trigger claude internal 3 times and then automatically terminate, worker never reaches terminal state, sentinel waits until . Avoidance: (a) split prompt to <3KB; (b) use interactive + to deliver prompt (correctable); (c) narrow scope worker (avoid claude loading entire codebase context).
-p-pAutocompact is thrashing--max-waitclaudetmux send-keysDo not set : PM focuses on detecting whether workers are really advancing, not limiting the number of turns. Long tasks are controlled via , phased commits, stale events, and PM corrections.
--max-turnsSTATUS.json.updated_atpm-monitor.shClaude Code agent view/official backend sessions can be used as Claude-specific backends: , , , or when version supports. Use local / as standard before use; only can replace tmux if it can prove independent cwd/worktree, inspectable status, and takable sessions.
claude agentsclaude agents --json--worktree --tmux--bg/bgclaude --helpclaude agents --helpAgent Teams is suitable for Claude Code team-style collaboration; still need to use worktree isolation and point to worktree with source prefix. ACP is only enabled when adapter is stable and can output structured status. Subagent is only used for lightweight, narrow-boundary, low-input tasks; upgrade to tmux/agent view/Agent Teams when long-time writing, independent PR submission, or integration across large amounts of materials is needed.
workdir7. 巡检与介入
7. Inspection and Intervention
PM 巡检信号:
- worktree 是否有文件落盘、commit、PR。
- 是否记录 base ref、runtime profile、provider slot、验证命令和 PR 占位。
.claude/agent-sessions/<session-id>/METADATA.json - 是否更新,是否报告 blocked / needs_input / done。
.claude/agent-sessions/<session-id>/STATUS.json - 和
.claude/agent-sessions/<session-id>/RESULT.md是否存在,摘要是否足够 PM 不读完整日志也能验收。PATCH_SUMMARY.md - tmux pane 是否长时间只读材料、等待确认、偏题联网、反复规划不执行。
- worker 是否扩大改动范围或触碰共享文件。
- PR diff 是否只覆盖声明范围。
介入规则:
- 有持续输出、checkpoint 更新或文件在增长时继续等待。
- 启动后 1-2 分钟仍没有 时,先发送 checkpoint-only 纠偏;仍无响应时中断当前思考并重发 bootstrap 指令,不直接接管实现。
Session Context/STATUS.json - 长时间无落盘但仍在规划时,先发送更窄的“先写目标文件”命令。
- worker 跳过 10-15 分钟 STATUS 心跳或 30-60 分钟阶段性 commit 时,PM 主动发送纠偏,要求立刻更新 STATUS 或提交当前已验证阶段;5 分钟内仍无 STATUS/commit/文件进展变化时,升级为重启 worker、派 reviewer 或 PM 窄范围收口。
- 发现轻度偏题、范围扩大、开始修环境/依赖、等待确认或验证方式偏离时,优先通过 tmux / agent view / inbox 发送纠偏指令,让 worker 自己回到范围内执行。
- 只有连续两次纠偏无效、worker 继续触碰禁止范围、准备执行破坏性 Git/文件操作、泄露敏感信息、或已无法在原 session 内恢复时,才停止 session 并由 PM 接管。
- 失败、重启或停止前先保留 worktree 和 ,避免丢失已落盘产物。
Session Context
tmux 纠偏示例:
bash
tmux send-keys -t legal-ch01 -l -- "PM correction: stop dependency/runtime changes now. Return to ISS-017 only. Do not modify package files or environment config. Update .claude/agent-sessions/legal-ch01/STATUS.json with needs_input=false and continue with the OCR quality report scope."
sleep 0.1
tmux send-keys -t legal-ch01 Enter纠偏 prompt 应包含四件事:停止什么、回到哪个任务、哪些文件/动作仍然禁止、下一步最小可执行动作。不要只写“你偏题了”。
完整字段见 ,可复制模板见 、 和 。PM 默认只读这些 checkpoint 和最终 diff,不定时拉完整日志。
references/03-checkpoint-files.mdtemplates/checkpoint-status.jsontemplates/checkpoint-result.mdtemplates/checkpoint-patch-summary.md可选自动 PM 监控脚本(保留 Agent Teams inbox、任务状态、Git SHA、PR 状态和 tmux session 多维巡检能力):
bash
bash scripts/pm-monitor.sh \
--project /path/to/repo \
--team-dir ~/.claude/teams/team-name \
--tasks-dir ~/.claude/tasks/tasks-uuid \
--claude-agents-cwd /path/to/repo \
--wave-id wave-5 \
--commit-stale-threshold 1800 \
--progress-stale-threshold 1800 \
--interval 60 \
--log-file .claude/agent-sessions/pm-monitor/events.log \
--branch docs/ch01-agent-intro:legal-ch01经济型巡检规则:
- 不要让 PM 主会话每隔几分钟手动读取 worker 日志;那会抵消多 Agent 的 token efficiency。
- 轻量检查用 ,由 PM 在需要判断是否介入时运行一次,只读取事件行。
pm-monitor.sh --once - 长任务用独立 shell/tmux/background job 运行 ,脚本持续写事件日志;PM 只在状态变化、用户询问、PR 收口或日志出现
pm-monitor.sh --log-file .../AGENT_NEEDS_INPUT/CHECKPOINT_STALE时读取少量日志。CHECKPOINT_TEST_FAILURE - 当前脚本只负责输出事件和写日志;是否自动唤起 PM 取决于宿主环境是否提供 automation / monitor / webhook。没有宿主唤醒能力时,默认用 或低频读取 log tail,仍比前台反复巡检节省上下文。
--once - 只记录 PM 决策必需的结构化信号,详细实现说明继续写
STATUS.json和RESULT.md。PATCH_SUMMARY.md - 单个 worker 的只读总览用 ;清理用
scripts/worktree-status.sh,默认 dry-run,真正删除必须显式scripts/clean-worktree.sh。--execute
PM Inspection Signals:
- Whether worktree has files saved to disk, commits, PRs.
- Whether records base ref, runtime profile, provider slot, verification commands, and PR placeholder.
.claude/agent-sessions/<session-id>/METADATA.json - Whether is updated, whether it reports blocked/needs_input/done.
.claude/agent-sessions/<session-id>/STATUS.json - Whether and
.claude/agent-sessions/<session-id>/RESULT.mdexist, whether the summary is sufficient for PM to accept without reading full logs.PATCH_SUMMARY.md - Whether tmux pane reads materials for a long time, waits for confirmation, goes off-topic online, repeatedly plans without execution.
- Whether workers expand modification scope or touch shared files.
- Whether PR diff only covers declared scope.
Intervention Rules:
- Continue waiting when there is continuous output, checkpoint update, or file growth.
- When still does not appear 1-2 minutes after startup, first send checkpoint-only correction; if still no response, interrupt current thinking and resend bootstrap instruction, do not directly take over implementation.
Session Context/STATUS.json - When no files are saved for a long time but still planning, first send a narrower command "write target file first".
- When workers skip 10-15 minutes STATUS heartbeat or 30-60 minutes phased commit, PM actively sends correction, requiring immediate STATUS update or submission of current verified phase; if no STATUS/commit/file progress change within 5 minutes, upgrade to restart worker, assign reviewer, or PM narrow-range wrap-up.
- When mild off-topic, scope expansion, starting to fix environment/dependencies, waiting for confirmation, or verification method deviation is found, prioritize sending correction instructions via tmux/agent view/inbox, let workers return to scope execution by themselves.
- Only stop the session and take over by PM when continuous correction fails twice, workers continue to touch forbidden scope, prepare to execute destructive Git/file operations, leak sensitive information, or cannot recover in the original session.
- Retain worktree and before failure, restart, or stop, avoid losing saved outputs.
Session Context
tmux Correction Example:
bash
tmux send-keys -t legal-ch01 -l -- "PM correction: stop dependency/runtime changes now. Return to ISS-017 only. Do not modify package files or environment config. Update .claude/agent-sessions/legal-ch01/STATUS.json with needs_input=false and continue with the OCR quality report scope."
sleep 0.1
tmux send-keys -t legal-ch01 EnterCorrection prompt should include four things: what to stop, which task to return to, which files/actions are still forbidden, next minimal executable action. Do not only write "you are off-topic".
Complete fields see , copyable templates see , , and . PM defaults to reading only these checkpoints and final diff, does not pull full logs regularly.
references/03-checkpoint-files.mdtemplates/checkpoint-status.jsontemplates/checkpoint-result.mdtemplates/checkpoint-patch-summary.mdOptional Automatic PM Monitoring Script (retains multi-dimensional inspection capabilities for Agent Teams inbox, task status, Git SHA, PR status, and tmux session):
bash
bash scripts/pm-monitor.sh \
--project /path/to/repo \
--team-dir ~/.claude/teams/team-name \
--tasks-dir ~/.claude/tasks/tasks-uuid \
--claude-agents-cwd /path/to/repo \
--wave-id wave-5 \
--commit-stale-threshold 1800 \
--progress-stale-threshold 1800 \
--interval 60 \
--log-file .claude/agent-sessions/pm-monitor/events.log \
--branch docs/ch01-agent-intro:legal-ch01Economical Inspection Rules:
- Do not let PM main session manually read worker logs every few minutes; this will offset token efficiency of multi-agent.
- Use for lightweight check, run once by PM when needing to judge whether to intervene, only read event lines.
pm-monitor.sh --once - For long tasks, run in independent shell/tmux/background job, script continuously writes event logs; PM only reads a small amount of logs when status changes, user asks, PR wraps up, or logs show
pm-monitor.sh --log-file .../AGENT_NEEDS_INPUT/CHECKPOINT_STALE.CHECKPOINT_TEST_FAILURE - Current script only responsible for outputting events and writing logs; whether to automatically wake up PM depends on whether the host environment provides automation/monitor/webhook. When no host wake-up capability, default to or low-frequency reading of log tail, still saves context compared to repeated foreground inspection.
--once - only records structured signals necessary for PM decision-making, detailed implementation instructions continue to be written in
STATUS.jsonandRESULT.md.PATCH_SUMMARY.md - Use for read-only overview of single worker; use
scripts/worktree-status.shfor cleanup, default dry-run, explicitscripts/clean-worktree.shrequired for real deletion.--execute
7.1 主动等待与宿主唤醒
7.1 Active Waiting and Host Wake-Up
scripts/wait-worker.shpm-monitor.shSTATUS.jsondonefailedblockedstoppedRESULT.mdPATCH_SUMMARY.md状态源分层:
- 是 PM 启动时写入的静态上下文,记录 base/runtime/provider/verification,不作为完成判定。
METADATA.json - /
STATUS.json/RESULT.md是完成、阻塞、验证和收口的主协议。PATCH_SUMMARY.md - 是诊断窗口,只在 checkpoint 缺失、过期、终态或显式要求时读取尾部输出。
tmux capture-pane - 不用 tmux pane 文本判断任务完成;完成标准仍是 checkpoint、git diff、验证和 PR 状态。
Claude Code PM:
-
Bash background/run-in-background 只能让等待器在后台运行,不保证触发或唤醒当前 PM / agent session;多 worker 同时等待时尤其可能没有任何完成消息返回。
-
不要把 background Bash 当作可靠完成通知机制。它最多作为日志写入器或人工可查看的后台 job;PM 仍必须靠、
STATUS.json、pm-monitor.sh --log-file、tmux/agent view 显式巡检来收口。wait-worker.sh --once -
单 worker 可临时用 background Bash 跑,但启动时必须同时记录 log 文件或保留可查询命令;多 worker / Wave 默认使用
wait-worker.sh,不要为每个 worker 启一个 background wait 并期待宿主逐个回调。pm-monitor.sh --log-file -
限定条件例外:§7.2 描述的 Sentinel 模式是本规则的"限定条件下可工作变体"——单 worker 单 sentinel、启、harness 100% re-invoke 可工作。Wave 6 启用 sentinel 之前仍按上述保守判断走。
run_in_background=truebashbash scripts/wait-worker.sh \ --worktree .claude/worktrees/tmux-ch01-agent-intro \ --session legal-ch01 \ --tmux-session legal-ch01 \ --interval 30
Codex PM:
- Codex CLI 的后台 shell 不会自动把完成事件推回当前对话;不要假定它等价于 Claude Code 。
run_in_background - 在 Codex App 中,优先把 接到当前 thread 的 heartbeat automation;完整 prompt 见
wait-worker.sh --once。创建、修改或删除 automation 时必须先查找并使用templates/codex-heartbeat-wait.md工具,不手写 raw RRULE。automation_update - 没有 heartbeat/automation 能力时,Codex PM 使用 或
pm-monitor.sh --once低频手动巡检;长任务仍用wait-worker.sh --once持续记录事件。pm-monitor.sh --log-file
wait-worker.shpm-monitor.shscripts/wait-worker.shpm-monitor.shSTATUS.jsonRESULT.mdPATCH_SUMMARY.mddonefailedblockedstoppedStatus Source Hierarchy:
- is static context written by PM at startup, records base/runtime/provider/verification, not used as completion judgment.
METADATA.json - /
STATUS.json/RESULT.mdare main protocols for completion, blockage, verification, and wrap-up.PATCH_SUMMARY.md - is diagnostic window, only read tail output when checkpoint is missing, expired, terminal, or explicitly requested.
tmux capture-pane - Do not use tmux pane text to judge task completion; completion criteria are still checkpoint, git diff, verification, and PR status.
Claude Code PM:
-
Bash background/run-in-background can only let the waiter run in the background, does not guarantee triggering or waking up current PM/agent session; especially when multiple workers are waiting simultaneously, no completion message may be returned.
-
Do not treat background Bash as a reliable completion notification mechanism. At most, it serves as a log writer or manually viewable background job; PM still must rely on,
STATUS.json,pm-monitor.sh --log-file, tmux/agent view explicit inspection to wrap up.wait-worker.sh --once -
Single worker can temporarily use background Bash to run, but must record log file or retain queryable command when starting; default to
wait-worker.shfor multiple workers/Waves, do not start a background wait for each worker and expect host to callback one by one.pm-monitor.sh --log-file -
Limited Condition Exception: The Sentinel mode described in §7.2 is a "limited condition working variant" of this rule—single worker single sentinel, started with, harness 100% re-invoke works. Before Wave 6 enables sentinel, still follow the above conservative judgment.
run_in_background=truebashbash scripts/wait-worker.sh \ --worktree .claude/worktrees/tmux-ch01-agent-intro \ --session legal-ch01 \ --tmux-session legal-ch01 \ --interval 30
Codex PM:
- Codex CLI's background shell will not automatically push completion events back to current conversation; do not assume it is equivalent to Claude Code .
run_in_background - In Codex App, prioritize connecting to heartbeat automation of current thread; complete prompt see
wait-worker.sh --once. Must usetemplates/codex-heartbeat-wait.mdtool first when creating, modifying, or deleting automation, do not write raw RRULE manually.automation_update - When no heartbeat/automation capability, Codex PM uses or
pm-monitor.sh --oncefor low-frequency manual inspection; still usewait-worker.sh --oncefor long tasks to continuously record events.pm-monitor.sh --log-file
wait-worker.shpm-monitor.sh7.2 Sentinel bash 模式(事件驱动 PM 唤醒)
7.2 Sentinel bash Mode (Event-Driven PM Wake-Up)
适用:Wave 6 之后,每个 worker 配套启一个 sentinel,PM 由 harness task-notification 事件驱动地唤醒,零 idle token 消耗,保留多轮纠偏能力。设计依据见;DEC-031 supersede DEC-030 的限定条件判断。references/04-sentinel-design.md
模式:每个 worker 配一个 进程。Sentinel 轮询 ,
读到 时 capture tmux pane tail、、
。Sentinel 由 PM 用 启,exit 触发 harness
task-notification → PM 被 re-invoke。
scripts/sentinel.shSTATUS.jsondone | failed | blocked | stoppedtmux kill-sessionexitrun_in_background=truePM 端调用模式:每 worker 两次 Bash 调用:
bash
undefinedApplicable: After Wave 6, each worker is matched with a sentinel, PM is woken up by harness task-notification event-driven, zero idle token consumption, retains multi-round correction capability. Design basis see; DEC-031 supersede DEC-030 limited condition judgment.references/04-sentinel-design.md
Mode: Each worker is matched with a process. Sentinel polls ,
when reading , captures tmux pane tail, ,
. Sentinel is started by PM with , exit triggers harness
task-notification → PM is re-invoke.
scripts/sentinel.shSTATUS.jsondone | failed | blocked | stoppedtmux kill-sessionexitrun_in_background=truePM-Side Calling Mode: Two Bash calls per worker:
bash
undefined1) Foreground: 创建 worktree + 启动 worker + 拿 gate 验证
1) Foreground: create worktree + start worker + verify gate
bash scripts/spawn-worker.sh
--project /path/to/repo
--branch docs/ch01-agent-intro
--session legal-ch01
--with-sentinel \ # 仅打印 SPAWN_WORKER_SENTINEL_CMD,不在内部启 --command "$WORKER_COMMAND"
--project /path/to/repo
--branch docs/ch01-agent-intro
--session legal-ch01
--with-sentinel \ # 仅打印 SPAWN_WORKER_SENTINEL_CMD,不在内部启 --command "$WORKER_COMMAND"
bash scripts/spawn-worker.sh
--project /path/to/repo
--branch docs/ch01-agent-intro
--session legal-ch01
--with-sentinel \ # Only print SPAWN_WORKER_SENTINEL_CMD, not start internally --command "$WORKER_COMMAND"
--project /path/to/repo
--branch docs/ch01-agent-intro
--session legal-ch01
--with-sentinel \ # Only print SPAWN_WORKER_SENTINEL_CMD, not start internally --command "$WORKER_COMMAND"
2) Background: sentinel 事件驱动 wake
2) Background: sentinel event-driven wake
从 spawn-worker.sh 输出里复制 SPAWN_WORKER_SENTINEL_CMD 那行
Copy the SPAWN_WORKER_SENTINEL_CMD line from spawn-worker.sh output
bash scripts/sentinel.sh
--status-file .claude/worktrees/tmux-docs-ch01-agent-intro/.claude/agent-sessions/legal-ch01/STATUS.json
--tmux-session legal-ch01
--poll-interval 5
--max-wait 7200
--status-file .claude/worktrees/tmux-docs-ch01-agent-intro/.claude/agent-sessions/legal-ch01/STATUS.json
--tmux-session legal-ch01
--poll-interval 5
--max-wait 7200
bash scripts/sentinel.sh
--status-file .claude/worktrees/tmux-docs-ch01-agent-intro/.claude/agent-sessions/legal-ch01/STATUS.json
--tmux-session legal-ch01
--poll-interval 5
--max-wait 7200
--status-file .claude/worktrees/tmux-docs-ch01-agent-intro/.claude/agent-sessions/legal-ch01/STATUS.json
--tmux-session legal-ch01
--poll-interval 5
--max-wait 7200
↑ 用 Bash run_in_background=true 启
↑ Start with Bash run_in_background=true
**为什么不在 spawn-worker.sh 内部启 sentinel**:
- `spawn-worker.sh` 是 fg 工具,sentinel 是 bg 工具,职责分离
- 避免单 Bash 调用内 fork 多个 background(auto mode 拒率更高)
- PM 显式 opt-in 收 sentinel 通知(`run_in_background=true`)是 harness re-invoke 的前提
**Sentinel 事件命名空间**(独立于 `WAIT_WORKER_*`):
| 事件 | 触发 |
|------|------|
| `SENTINEL_START` | 启动时 |
| `SENTINEL_PENDING` | STATUS.json 缺失 |
| `SENTINEL_PANE_TAIL` | capture pane 前(best-effort)|
| `SENTINEL_TERMINAL` | 检测到 `done` / `failed` / `blocked` / `stopped` |
| `SENTINEL_TMUX_KILLED` / `SENTINEL_TMUX_GONE` | kill tmux 之后 |
| `SENTINEL_TIMEOUT` | `--max-wait` 到了还没看到终态 |
**PM 收到 notification 后的标准动作**见 `templates/pm-sentinel-response.md`:
- Exit 0 = done:读 RESULT/PATCH_SUMMARY,跑 verify,review,merge
- Exit 2 = failed/blocked/stopped:读 STATUS.issues 决定 restart / block / defer
- Exit 124 = timeout:检查 worker tmux + STATUS 状态,纠偏或重启
- Exit 64 = usage error:检查 `--status-file` / `--tmux-session` 与 spawn-worker 一致性
**降级路径**:如果 sentinel 没启起来(auto mode 拒 / SIGKILL / 参数错),PM 回到 §7.1
行为:单 worker 用 `wait-worker.sh --once`,多 worker 用 `pm-monitor.sh --log-file`。
降级是 graceful 的,不是失败。
**调优建议**:
- `--poll-interval`:默认 5s。worker 单次 thinking 短时降到 1s,长时保持 5s
- `--max-wait`:默认 7200s(2h)。长 worker 拆 sub-task,每个 sub-task 自己的 max-wait
- `--keep-tmux-on-terminal`:review 阶段不杀 tmux,便于 PM tmux capture-pane 看 worker 收尾
- `--pane-tail-lines 0`:不需要 pane 快照时关掉,少 1 个 tmux capture-pane 调用
**已知不覆盖**:
- 多 sentinel 对单 worker 去重:PM 行为层保证 1:1
- Codex / OpenCode 路径:暂未实测,Codex 走 `templates/codex-heartbeat-wait.md`
- 高频 polling 风暴:worker 集群大、polling 间隔 < 2s 时单 worker CPU 可能略高,按需调
**Why not start sentinel inside spawn-worker.sh**:
- `spawn-worker.sh` is fg tool, sentinel is bg tool, separate responsibilities
- Avoid forking multiple backgrounds in single Bash call (higher rejection rate in auto mode)
- PM explicit opt-in to receive sentinel notifications (`run_in_background=true`) is prerequisite for harness re-invoke
**Sentinel Event Namespace** (independent of `WAIT_WORKER_*`):
| Event | Trigger |
|-------|---------|
| `SENTINEL_START` | On startup |
| `SENTINEL_PENDING` | STATUS.json missing |
| `SENTINEL_PANE_TAIL` | Before capturing pane (best-effort) |
| `SENTINEL_TERMINAL` | Detect `done`/`failed`/`blocked`/`stopped` |
| `SENTINEL_TMUX_KILLED`/`SENTINEL_TMUX_GONE` | After killing tmux |
| `SENTINEL_TIMEOUT` | Terminal state not seen when `--max-wait` reached |
**Standard Actions After PM Receives Notification** see `templates/pm-sentinel-response.md`:
- Exit 0 = done: read RESULT/PATCH_SUMMARY, run verify, review, merge
- Exit 2 = failed/blocked/stopped: read STATUS.issues to decide restart/block/defer
- Exit 124 = timeout: check worker tmux + STATUS status, correct or restart
- Exit 64 = usage error: check consistency of `--status-file`/`--tmux-session` with spawn-worker
**Downgrade Path**: If sentinel fails to start (auto mode rejection/SIGKILL/parameter error), PM returns to §7.1
behavior: use `wait-worker.sh --once` for single worker, use `pm-monitor.sh --log-file` for multiple workers.
Downgrade is graceful, not a failure.
**Tuning Suggestions**:
- `--poll-interval`: default 5s. Reduce to 1s when worker's single thinking is short, keep 5s when long
- `--max-wait`: default 7200s (2h). Split long workers into sub-tasks, each sub-task has its own max-wait
- `--keep-tmux-on-terminal`: do not kill tmux during review phase,便于 PM tmux capture-pane to see worker wrap-up
- `--pane-tail-lines 0`: turn off when pane snapshot is not needed, reduce 1 tmux capture-pane call
**Known Uncovered Scenarios**:
- Deduplication of multiple sentinels for single worker: guaranteed 1:1 by PM behavior layer
- Codex/OpenCode path: not tested yet, Codex follows `templates/codex-heartbeat-wait.md`
- High-frequency polling storm: single worker CPU may be slightly high when worker cluster is large and polling interval <2s, adjust as needed7.3 cron + sentinel 标准组合(兜底监测,必挂两层)
7.3 cron + sentinel Standard Combination (Fallback Monitoring, Must Hang Two Layers)
sentinel(§7.2)是主监测:事件驱动、秒级抓 worker 终态 、零 idle token。但 sentinel 单独有 3 个盲区,必须再挂一个 cron 兜底(周期巡检),两层组合才是标准模式,而非二选一:
done| sentinel 盲区 | 表现 | cron 兜底如何抓到 |
|---|---|---|
| (a) worker 硬卡死不写 STATUS | sentinel 轮询到 | cron 周期读 STATUS + pane,发现 stale 主动介入 |
| (b) worker 用非标准 STATUS 文件名 | sentinel 监听 | cron 直接 |
| (c) sentinel 自身被 SIGKILL/SIGTERM 或 harness 未 re-invoke | sentinel 静默消失,PM 永不被唤醒 | cron 是独立 job,不依赖 sentinel 存活 |
频次(硬推荐,按任务粒度):
- 短任务(单 worker、预计 < 1h):~22 分钟
- 长流水线(多 worker / Wave / 预计 1-4h):10-15 分钟
- 避免 /
:00整点:所有用户挤在整点会 API 拥堵 + 触发速率限制;用错峰表达式如:30(每 10 分钟错峰)或3,13,23,33,43,53 * * * *(每 22 分钟错峰)。7,29,51 * * * * - 不要低于 10 分钟:cron 每次 fire 都 re-invoke PM(读 STATUS + git + pane),过频会抵消多 Agent 的 token efficiency。
双信号卡死检测(避免误判 long thinking):
判 worker 卡死必须同时满足两条,缺一不可:
- STATUS 信号:和 文件 mtime 都 > 阈值(长流水线 20min、短任务 15min)未变。
STATUS.json.updated_at - pane 信号:尾部出现死循环证据(连续重复行 / "Levitating… Nmin" 持续上涨但无新工具调用 / 报错堆栈不退出)。
tmux capture-pane
只满足 (1) 不满足 (2):worker 可能在 long thinking,发一条 心跳探针("更新 STATUS heartbeat"),等下一轮 cron 再判,不立即重启。
tmux send-keyscron prompt 用模板:。模板含:worker session + STATUS 路径 + git 分支 + sentinel id + stale 阈值 + 收尾自删(worker 全部合入后 )+ 无动作时一句话汇报(不膨胀上下文)。
templates/cron-monitor-prompt.mdCronDelete与 §7.1 / §7.2 的关系:
- §7.1 /
pm-monitor.sh:PM 主动调用的只读巡检工具(一次性或低频 log)。wait-worker.sh - §7.2 sentinel:worker 终态事件驱动唤醒(秒级抓 done),主监测。
- §7.3 cron:时间驱动兜底(抓 sentinel 盲区 + 卡死双信号 + sentinel 失效)。
- 三者叠加,不是替代。PM 派 worker 后必挂两层(sentinel + cron);sentinel 是主,cron 是兜底,cron 触发后若发现 worker 仍在推进,只回一句话、不做大动作。
sentinel (§7.2) is main monitoring: event-driven, captures worker terminal state in seconds, zero idle token. But sentinel alone has 3 blind spots, must hang another cron fallback (periodic inspection), two-layer combination is standard mode, not either-or:
done| Sentinel Blind Spot | Performance | How cron fallback catches it |
|---|---|---|
| (a) Worker hard freezes and does not write STATUS | Sentinel polls until | cron periodically reads STATUS + pane, finds stale and actively intervenes |
| (b) Worker uses non-standard STATUS file name | Sentinel listens to | cron directly |
| (c) Sentinel itself is SIGKILL/SIGTERM or harness does not re-invoke | Sentinel silently disappears, PM is never woken up | cron is independent job, does not depend on sentinel survival |
Frequency (Hard Recommendation, by Task Granularity):
- Short Tasks (single worker, expected <1h): ~22 minutes
- Long Pipelines (multiple workers/Wave/expected 1-4h): 10-15 minutes
- Avoid /
:00on the hour: All users crowding on the hour will cause API congestion + trigger rate limits; use off-peak expressions such as:30(off-peak every 10 minutes) or3,13,23,33,43,53 * * * *(off-peak every 22 minutes).7,29,51 * * * * - Do not be less than 10 minutes: cron re-invokes PM every time it fires (reads STATUS + git + pane), too frequent will offset token efficiency of multi-agent.
Dual-Signal Freeze Detection (Avoid Misjudging Long Thinking):
To judge worker freeze, both conditions must be met, neither is dispensable:
- STATUS Signal: Both and file mtime have not changed for > threshold (20min for long pipelines, 15min for short tasks).
STATUS.json.updated_at - Pane Signal: tail shows evidence of infinite loop (continuous repeated lines / "Levitating… Nmin" keeps rising but no new tool calls / error stack does not exit).
tmux capture-pane
Only meet (1) but not (2): Worker may be in long thinking, send a heartbeat probe ("update STATUS heartbeat"), wait for next cron round to judge, do not restart immediately.
tmux send-keysUse Template for cron Prompt: . Template includes: worker session + STATUS path + git branch + sentinel id + stale threshold + wrap-up self-delete ( after all workers merged) + one-sentence report when no action (does not expand context).
templates/cron-monitor-prompt.mdCronDeleteRelationship with §7.1/§7.2:
- §7.1 /
pm-monitor.sh: Read-only inspection tools actively called by PM (one-time or low-frequency log).wait-worker.sh - §7.2 sentinel: Event-driven wake-up when worker reaches terminal state (captures done in seconds), main monitoring.
- §7.3 cron: Time-driven fallback (captures sentinel blind spots + freeze dual signals + sentinel failure).
- The three superimpose, not replace. After PM assigns workers, must hang two layers (sentinel + cron); sentinel is main, cron is fallback, if cron triggers and finds worker still advancing, only return one sentence, no big actions.
8. 收口
8. Wrap-Up
8.0 PM 在 Worker 提 PR 后的持续同步
8.0 PM Continuous Synchronization After Worker Raises PR
worker 提 PR 不是 PM 收口完成的信号。从提 PR 到合并之间,PM 必须做两件事避免外部抢跑:
-
提 PR 之后立即跑 mergeable 检查:bash
gh pr view <N> --json state,mergeable,mergeStateStatus,baseRefName,headRefName- /
mergeable=CONFLICTING/mergeStateStatus=DIRTY落后:base 已被 doc-curator 或其他 PR 抢跑。立即按baseRefName的「base 落后 / 冲突处理」决策表(update branch vs rebase vs close-and-reopen)处理。git-workflow - 且 base 是最新:进入 review 流程。
mergeable=MERGEABLE
-
PM 本地 main 立即 push:
- PM 在主目录 commit docs / DEC 之后立即 ,避免本地与 origin/main drift。
git push origin main - drift 后 push 报 non-fast-forward,squash merge 引入的"内容相同但 history 不同"会让 git 误判冲突,恢复成本高。
- 看到 origin/main 领先本地时,先 +
git fetch origin(不是git switch -C main origin/main,squash commit 不会自动 ff),再继续 PM 工作。git pull
- PM 在主目录 commit docs / DEC 之后立即
worker backend 选择(subagent / tmux / Agent Teams)见 §2.1。
Worker raising PR is not a signal that PM wrap-up is completed. Between raising PR and merging, PM must do two things to avoid external preemption:
-
Immediately run mergeable check after raising PR:bash
gh pr view <N> --json state,mergeable,mergeStateStatus,baseRefName,headRefName- /
mergeable=CONFLICTING/mergeStateStatus=DIRTYis behind: base has been preempted by doc-curator or other PRs. Immediately handle according tobaseRefName's "base behind/conflict handling" decision table (update branch vs rebase vs close-and-reopen).git-workflow - and base is latest: enter review process.
mergeable=MERGEABLE
-
PM local main push immediately:
- After PM commits docs/DEC in main directory, immediately , avoid drift between local and origin/main.
git push origin main - After drift, push reports non-fast-forward, "same content but different history" introduced by squash merge will make git misjudge conflict, high recovery cost.
- When seeing origin/main is ahead of local, first +
git fetch origin(notgit switch -C main origin/main, squash commit will not automatically ff), then continue PM work.git pull
- After PM commits docs/DEC in main directory, immediately
Worker backend selection (subagent/tmux/Agent Teams) see §2.1.
8.1 收口标准步骤
8.1 Standard Wrap-Up Steps
worker 完成后:
- 检查 、
git status --short、PR diff 范围。git diff --check main...HEAD - 需要 review 时交叉审阅,分支作者不审自己的 PR。review 工具按项目类型选,不要默认 code-review:代码项目用 code-review subagent;书稿 / 文档 / 写作项目用 (或项目领域审稿 skill);研究 / 配置类 PR 用对应内容审查。项目应在自己的
writing-reviewer里写明用哪个 review skill;没写时 PM 按项目性质判断,不假定 code-review。AGENTS.md - 合并、push、PR 编号写入 commit、Issue 关闭等动作遵循 。
git-workflow - 若 PM review 发现问题,优先通过 tmux / agent view / inbox 给原 worker 发送 review correction;worker 应追加修复 commit、重新运行验证并更新 PR,不由 PM 默认代写。
- PM 复核 correction commit、验证结果和 PR diff 后,再决定是否进入 merge。
- 合并后清理 worktree/session,先 dry-run 再显式执行:
bash
bash scripts/clean-worktree.sh --project /path/to/repo --branch docs/ch01-agent-intro --session legal-ch01
bash scripts/clean-worktree.sh --project /path/to/repo --branch docs/ch01-agent-intro --session legal-ch01 --executeAfter worker completes:
- Check ,
git status --short, PR diff scope.git diff --check main...HEAD - When review is needed, cross-review, branch author does not review their own PR. Select review tool according to project type, do not default to code-review: use code-review subagent for code projects; use (or project-specific review skill) for manuscripts/docs/writing projects; use corresponding content review for research/configuration PRs. Projects should specify which review skill to use in their
writing-reviewer; if not written, PM judges according to project nature, do not assume code-review.AGENTS.md - Merge, push, write PR number into commit, close Issue, etc., follow .
git-workflow - If PM review finds problems, prioritize sending review correction to original worker via tmux/agent view/inbox; worker should add fix commit, re-run verification, and update PR, do not default to PM writing instead.
- After PM reviews correction commit, verification results, and PR diff, decide whether to enter merge.
- After merging, clean up worktree/session, dry-run first then execute explicitly:
bash
bash scripts/clean-worktree.sh --project /path/to/repo --branch docs/ch01-agent-intro --session legal-ch01
bash scripts/clean-worktree.sh --project /path/to/repo --branch docs/ch01-agent-intro --session legal-ch01 --execute9. 依赖
9. Dependencies
依赖按模式分层;只读文档不需要安装任何工具。首次在新机器上启动 worker 前,先运行:
bash
bash scripts/check-dependencies.sh
bash scripts/check-dependencies.sh --backend claude-code --backend codex --check-ghDependencies are layered by mode; read-only documents do not require any tool installation. Before starting workers on a new machine for the first time, run:
bash
bash scripts/check-dependencies.sh
bash scripts/check-dependencies.sh --backend claude-code --backend codex --check-gh最小本地执行依赖
Minimum Local Execution Dependencies
| 依赖 | 安装方式 |
|---|---|
| 通常随开发环境提供 |
| 常规脚本需要 bash; |
| macOS: |
| macOS: |
常见 Unix 工具如 、、、、、、 通常由系统提供;日期解析已兼容 macOS/Linux。
awksedgrepfindstatdatemktemp| Dependency | Installation Method |
|---|---|
| Usually provided with development environment |
| Regular scripts require bash; |
| macOS: |
| macOS: |
Common Unix tools such as , , , , , , are usually provided by the system; date parsing is compatible with macOS/Linux.
awksedgrepfindstatdatemktemp按模式启用的依赖
Dependencies Enabled by Mode
| 模式 | 依赖 |
|---|---|
| PR / mergeability 巡检 | |
| Claude Code worker | |
| Codex worker | |
| OpenCode worker | |
| Codex heartbeat | Codex App automation 能力;创建/修改 automation 必须使用 |
Claude 官方 agent view / | |
| Mode | Dependency |
|---|---|
| PR/mergeability inspection | |
| Claude Code worker | |
| Codex worker | |
| OpenCode worker | |
| Codex heartbeat | Codex App automation capability; must use |
Claude official agent view/ | |
可选终端依赖
Optional Terminal Dependencies
scripts/terminal-split.shkitty @wezterm cliosascript完整依赖矩阵见 。依赖检查脚本只报告状态,不安装软件、不启动 worker、不改配置。
references/02-runtime-dependencies.mdscripts/terminal-split.shkitty @wezterm cliosascriptComplete dependency matrix see . Dependency check script only reports status, does not install software, start workers, or modify configurations.
references/02-runtime-dependencies.md10. 参考
10. References
只在需要细节时读取:
核心编排参考(机制 / 依赖 / 收口):
- :模型与执行模式选择。
references/01-model-selection-matrix.md - :按模式拆分的本地依赖矩阵和安装建议。
references/02-runtime-dependencies.md - :
references/03-checkpoint-files.md、STATUS.json、RESULT.md的字段和模板。PATCH_SUMMARY.md - :PM 巡检(sentinel)bash 模式设计与信号。
references/04-sentinel-design.md - :法律项目拆解样例(诉讼/非诉阶段模型、任务字段、Agent 路由)。
references/05-legal-domain-patterns.md - :Claude Code 第三方 API provider/model registry 模板。
config/claude-provider-registry.example.json - :Claude Code 第三方 API provider settings 兼容模板。
config/claude-provider-settings.example.json
Agent CLI worker backend(先看总览,再查具体工具):
- :本机所有 Agent CLI 完整参考手册(Claude Code / Codex / OpenCode / Hermes / Kimi / Gemini / QoderWork),含参数速查、tmux worker 模板、跨 CLI 对比矩阵和选用建议。
references/06-agent-cli-reference.md - :QoderWork CLI(
references/07-qoderwork-cli-worker.md)作为 worker backend 的可行性研究,含 CLI 参数、模型列表、SDK 环境冲突、tmux 启动示例和适用场景。qoderclicn - :WorkBuddy / CodeBuddy CLI(
references/08-workbuddy-cli-worker.md)作为 worker backend 的可行性研究,含 Kimi K2.6 书稿 worker 实测、权限模式、checkpoint/path 偏差和收口规则。codebuddy
实战经验与排障:
- :tmux/Agent Teams 实战坑点。
references/09-parallel-lessons.md - :Agent Teams / agent view / Claude 原生
references/10-agent-teams-troubleshooting.md后端排障。--worktree --tmux
官方文档:
- Claude Code agent view:
https://code.claude.com/docs/en/agent-view - Claude Code worktrees:
https://code.claude.com/docs/en/worktrees - Claude Code CLI usage:
https://code.claude.com/docs/en/cli-usage - Claude Code checkpointing:
https://code.claude.com/docs/en/checkpointing
脚本:
- :检查核心依赖、backend CLI、GitHub CLI 和终端分屏工具。
scripts/check-dependencies.sh - :从 Claude provider registry 或 settings JSON 构造本次 worker 的隔离 env,屏蔽用户级 provider/model 污染。
scripts/claude-provider-env.sh - :按 backend/profile 生成 worker command、prompt context 和 spawn metadata。
scripts/render-runtime-profile.sh - :创建隔离 worktree、Session Context 和 tmux session,并输出启动 gate。
scripts/spawn-worker.sh - :自动 PM 巡检脚本,保留 checkpoint 文件、Agent Teams inbox、tasks、Git SHA、PR 状态、tmux session、Wave 和多信号进展监控。
scripts/pm-monitor.sh - :单 worker 等待器,可接 Claude Code background Bash 或 Codex heartbeat automation。
scripts/wait-worker.sh - :单 worker 只读总览,展示 metadata、checkpoint、tmux 和 git 状态。
scripts/worktree-status.sh - :worker session/worktree 安全清理,默认 dry-run,清理前展示 metadata 摘要。
scripts/clean-worktree.sh - :临时 repo 端到端 smoke test;只在修改 Skill 脚本后运行。
scripts/smoke-tmux-worker.sh - :逐个验证
scripts/smoke-provider-settings.sh能启动 Claude Code 并返回响应;新增或改 provider 后运行。config/*.settings.json - :wait/monitor/custom wait 脚本 lint;只在修改 wait/monitor 脚本后运行。
scripts/lint-wait-script.sh - :可选可视化辅助,保留 iTerm2、Kitty、WezTerm、Warp、Ghostty、Zed、Terminal.app 支持;默认编排不依赖它。
scripts/terminal-split.sh
模板:
- :worker bootstrap 和完整派发 prompt 模板。
templates/worker-prompt.md - :PM 级连续多 Wave Goal Contract 模板。
templates/orchestration-goal.md - :可选项目级编排配置模板,声明 trunk、任务源、验证命令、provider slot、非敏感配置复制和 hook 边界。
templates/project-config.json - :Codex App heartbeat 巡检 prompt。
templates/codex-heartbeat-wait.md - :每轮 Wave 收口和 provider/model 评估模板。
templates/wave-summary.md - :
templates/checkpoint-status.json模板。STATUS.json - :完成/失败结果摘要模板。
templates/checkpoint-result.md - :PR review 用 diff 摘要模板。
templates/checkpoint-patch-summary.md
Read only when details are needed:
Core Orchestration References (Mechanism/Dependency/Wrap-Up):
- : Model and execution mode selection.
references/01-model-selection-matrix.md - : Local dependency matrix split by mode and installation suggestions.
references/02-runtime-dependencies.md - : Fields and templates of
references/03-checkpoint-files.md,STATUS.json,RESULT.md.PATCH_SUMMARY.md - : Design and signals of PM inspection (sentinel) bash mode.
references/04-sentinel-design.md - : Legal project decomposition examples (litigation/non-litigation phase models, task fields, Agent routing).
references/05-legal-domain-patterns.md - : Claude Code third-party API provider/model registry template.
config/claude-provider-registry.example.json - : Claude Code third-party API provider settings compatibility template.
config/claude-provider-settings.example.json
Agent CLI Worker Backend (Read Overview First, Then Check Specific Tools):
- : Complete reference manual for all local Agent CLIs (Claude Code/Codex/OpenCode/Hermes/Kimi/Gemini/QoderWork), including parameter quick reference, tmux worker template, cross-CLI comparison matrix, and selection suggestions.
references/06-agent-cli-reference.md - : Feasibility study of QoderWork CLI (
references/07-qoderwork-cli-worker.md) as worker backend, including CLI parameters, model list, SDK environment conflicts, tmux startup examples, and applicable scenarios.qoderclicn - : Feasibility study of WorkBuddy/CodeBuddy CLI (
references/08-workbuddy-cli-worker.md) as worker backend, including Kimi K2.6 manuscript worker actual test, permission mode, checkpoint/path deviation, and wrap-up rules.codebuddy
Practical Experience and Troubleshooting:
- : Practical pitfalls of tmux/Agent Teams.
references/09-parallel-lessons.md - : Troubleshooting for Agent Teams/agent view/Claude native
references/10-agent-teams-troubleshooting.mdbackend.--worktree --tmux
Official Documentation:
- Claude Code agent view:
https://code.claude.com/docs/en/agent-view - Claude Code worktrees:
https://code.claude.com/docs/en/worktrees - Claude Code CLI usage:
https://code.claude.com/docs/en/cli-usage - Claude Code checkpointing:
https://code.claude.com/docs/en/checkpointing
Scripts:
- : Checks core dependencies, backend CLI, GitHub CLI, and terminal split tools.
scripts/check-dependencies.sh - : Constructs isolated env for this worker from Claude provider registry or settings JSON, shields user-level provider/model pollution.
scripts/claude-provider-env.sh - : Generates worker command, prompt context, and spawn metadata according to backend/profile.
scripts/render-runtime-profile.sh - : Creates isolated worktree, Session Context, and tmux session, and outputs startup gate.
scripts/spawn-worker.sh - : Automatic PM inspection script, retains checkpoint files, Agent Teams inbox, tasks, Git SHA, PR status, tmux session, Wave, and multi-signal progress monitoring.
scripts/pm-monitor.sh - : Single worker waiter, can connect to Claude Code background Bash or Codex heartbeat automation.
scripts/wait-worker.sh - : Single worker read-only overview, displays metadata, checkpoint, tmux, and git status.
scripts/worktree-status.sh - : Safe cleanup of worker session/worktree, default dry-run, displays metadata summary before cleanup.
scripts/clean-worktree.sh - : Temporary repo end-to-end smoke test; only run after modifying Skill scripts.
scripts/smoke-tmux-worker.sh - : Verifies one by one that
scripts/smoke-provider-settings.shcan start Claude Code and return response; run after adding or modifying providers.config/*.settings.json - : Lint for wait/monitor/custom wait scripts; only run after modifying wait/monitor scripts.
scripts/lint-wait-script.sh - : Optional visualization aid, retains support for iTerm2, Kitty, WezTerm, Warp, Ghostty, Zed, Terminal.app; default orchestration does not depend on it.
scripts/terminal-split.sh
Templates:
- : Worker bootstrap and complete assignment prompt template.
templates/worker-prompt.md - : PM-level continuous multi-Wave Goal Contract template.
templates/orchestration-goal.md - : Optional project-level orchestration configuration template, declares trunk, task source, verification commands, provider slot, non-sensitive configuration copy, and hook boundaries.
templates/project-config.json - : Codex App heartbeat inspection prompt.
templates/codex-heartbeat-wait.md - : Template for each Wave wrap-up and provider/model evaluation.
templates/wave-summary.md - :
templates/checkpoint-status.jsontemplate.STATUS.json - : Completion/failure result summary template.
templates/checkpoint-result.md - : Diff summary template for PR review.
templates/checkpoint-patch-summary.md
11. 评估与验收
11. Evaluation and Acceptance
评估范围
Evaluation Scope
本 skill 评估对象 = spawn-worker + sentinel + pm-monitor + render-runtime-profile + clean-worktree 的协同行为;不评估具体 worker backend(claude / codex / opencode)本身的能力。
Evaluation object of this skill = collaborative behavior of spawn-worker + sentinel + pm-monitor + render-runtime-profile + clean-worktree; does not evaluate capabilities of specific worker backends (claude/codex/opencode) themselves.
Hard Fail(出现即不通过)
Hard Fail(Fail Immediately If Occurs)
- 防逃逸门禁未过(§2.1),PM 直接写业务代码。
- spawn-worker.sh 启动后 pane cwd ≠ worktree 或 branch ≠ 目标分支(gate 失败)。
- worker 写 STATUS 同义词(completed / finished)而非字面 ,sentinel 不退出。
done - worker 改完文件不 commit,PM 收口验到空 diff。
- 真实 settings(config/*.settings.json)进入 git 追踪或打包件。
- Anti-escape gate not passed (§2.1), PM directly writes business code.
- After spawn-worker.sh starts, pane cwd ≠ worktree or branch ≠ target branch (gate failure).
- Worker writes STATUS synonyms (completed/finished) instead of literal , sentinel does not exit.
done - Worker modifies files without committing, PM verifies empty diff when wrapping up.
- Real settings (config/*.settings.json) enter git tracking or package.
Benchmark case
Benchmark Case
- :临时 repo e2e(spawn 1 worker 跑完,STATUS=done,diff 非空,clean 无残留)。
smoke-tmux-worker.sh - 建议补 :spawn 2 worker 并行改不重叠文件,sentinel 等终态,验证两个 PR diff 范围独立、STATUS 均 done、clean 无残留。
smoke-e2e-wave.sh
- : Temporary repo e2e (spawn 1 worker to complete, STATUS=done, diff non-empty, clean no residue).
smoke-tmux-worker.sh - It is recommended to add : spawn 2 workers to modify non-overlapping files in parallel, sentinel waits for terminal state, verify that two PR diff scopes are independent, STATUS are all done, clean no residue.
smoke-e2e-wave.sh
静态检查 vs 动态评估
Static Check vs Dynamic Evaluation
- 静态:(wait / monitor 脚本 lint)+
lint-wait-script.sh(preflight 依赖检查)。check-dependencies.sh - 动态:(e2e 端到端)+
smoke-tmux-worker.sh(provider 验证,需真实 key,optional)。smoke-provider-settings.sh
- Static: (lint for wait/monitor scripts) +
lint-wait-script.sh(preflight dependency check).check-dependencies.sh - Dynamic: (e2e end-to-end) +
smoke-tmux-worker.sh(provider verification, requires real key, optional).smoke-provider-settings.sh