fix(squad): warn leader against label/UUID mismatch in delegations #64
Merged
…ther's UUID

The Squad Operating Protocol already required leaders to use the full `[@name](mention://<type>/<UUID>)` markdown, but it never called out that the `[Label]` and `(UUID)` parts are decoupled — only the UUID routes, the label is decorative. An LLM leader could (and did) Frankenstein a delegation by pairing one roster row's label with another row's UUID, producing a comment that looked addressed to A but actually triggered B.

Add a hard rule + worked counter-example so the leader prompt states the decoupling explicitly.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This was referenced May 19, 2026
Summary
`@mention` routing is decided by the UUID inside `(mention://agent/<UUID>)`; the `[Label]` part is decorative — only ever rendered for humans. A squad-leader LLM that pairs one Squad Roster row's label with another row's UUID produces a delegation that looks addressed to A in the UI but silently triggers B (concrete incident: a comment that read `@阚美荣-代码审查-GPT` actually dispatched `代码审查-张桐-AI`).

The existing Squad Operating Protocol already required leaders to use the full `[@Name](mention://<type>/<UUID>)` markdown, but it never stated that the two halves are decoupled, so the LLM had no reason to treat the link as a single indivisible string when copying from the Roster.

Add a hard rule with a worked counter-example. Lowest-cost layer of defense — pure prompt change, no code or data touched.
Test plan
`go test ./server/internal/handler -run TestBuildSquadLeader` — the existing briefing tests assert on substring presence, so the new text passes through without breaking them

🤖 Generated with Claude Code
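A code-level check for the label/UUID mismatch described in this PR, as an added example that is not part of the PR or the project's code: it parses each `[@Label](mention://<type>/<UUID>)` link in a delegation comment and reports any label that differs from the roster name of the UUID that actually routes. The roster shape (a UUID-to-name map), the `CheckMentions` and `Mismatch` names, and all sample names and UUIDs are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// mentionRe matches [@Label](mention://<type>/<UUID>), the link format quoted in the PR.
var mentionRe = regexp.MustCompile(`\[@?([^\]]+)\]\(mention://([a-z]+)/([0-9a-fA-F-]{36})\)`)

// Mismatch is a mention whose visible label disagrees with the routed UUID.
// RoutesTo is empty when the UUID is not in the roster at all.
type Mismatch struct {
	Label, UUID, RoutesTo string
}

// CheckMentions returns every mention in comment whose label is not the
// roster name for its UUID. roster maps lowercase UUID -> name (assumed shape).
func CheckMentions(comment string, roster map[string]string) []Mismatch {
	var out []Mismatch
	for _, m := range mentionRe.FindAllStringSubmatch(comment, -1) {
		label := strings.TrimSpace(m[1])
		uuid := strings.ToLower(m[3])
		name, known := roster[uuid]
		if !known || name != label {
			out = append(out, Mismatch{Label: label, UUID: uuid, RoutesTo: name})
		}
	}
	return out
}

func main() {
	// Constructed roster and comment; not real agent names or UUIDs.
	roster := map[string]string{
		"11111111-1111-4111-8111-111111111111": "agent-a",
		"22222222-2222-4222-8222-222222222222": "agent-b",
	}
	// Label copied from one roster row, UUID from another.
	comment := "[@agent-a](mention://agent/22222222-2222-4222-8222-222222222222) please review"
	for _, mm := range CheckMentions(comment, roster) {
		fmt.Printf("label %q but UUID %s routes to %q\n", mm.Label, mm.UUID, mm.RoutesTo)
	}
}
```

Run before a leader comment is posted, a non-empty result means the comment would be displayed as addressed to one agent while dispatching another (or none).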