← 返回 Skills 市场

Firm Orchestration

Name: Firm Orchestration
Author: romainsantoli-web

作者 romainsantoli-web · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

472

总下载

当前安装

版本数

在 OpenClaw 中安装

/install firm-orchestration

功能描述

Pyramid multi-agent orchestration for OpenClaw: routes objectives from a CEO agent down through departments, services and employees via sessions_send / sessi...

使用说明 (SKILL.md)

firm-orchestration

This skill implements the A2A (Agent-to-Agent) pyramid pattern for OpenClaw.

Architecture

CEO Agent (orchestrator)
 ├── Department Strategy
 │   └── Service Planning → Employee Analyst
 ├── Department Engineering
 │   └── Service Backend  → Employee Implementer
 ├── Department Quality
 │   └── Service Testing  → Employee Auditor
 └── Department Operations
     └── Service Release  → Employee Coordinator

Usage

Send this to your OpenClaw session to trigger a full firm orchestration run:

@firm-orchestration run
  objective: "Build a payment API"
  departments: ["engineering", "quality"]
  delivery_format: "github_pr"

Tools activated

Tool	Purpose
`sessions_list`	Discover active department/service sessions
`sessions_spawn`	Spawn missing sessions per pyramid level
`sessions_send`	Delegate objectives down the hierarchy
`sessions_history`	Collect results from child sessions

Handoff contract

Each delegation payload follows this schema:

{
  "from": "ceo",
  "to": "department:engineering",
  "objective": "...",
  "constraints": ["...", "..."],
  "definition_of_done": "...",
  "context_ref": "memory:delivery/latest",
  "reply_session": "main"
}

Merge strategy

Results from all departments are:

Collected via sessions_history with a 30-second deadline
Deduplicated by objective_key
Merged in dependency order (Strategy → Engineering → Quality → Ops)
Formatted according to delivery_format

Operating Protocol (Anthropic-style)

Based on real Anthropic team practices — "How Anthropic teams use Claude Code"

Phase 1 — Parallel dispatch (never sequential)

Fan-out simultaneously to all departments via sessions_send. Never wait for one department before launching the next. Each session receives the full handoff contract and maintains its own complete context. Store all reply_session refs for convergence.

Objective received →
  sessions_send(engineering) ‖ sessions_send(quality) ‖ sessions_send(ops) ‖ sessions_send(strategy)
→ wait(deadline=30s)
→ collect via sessions_history

Phase 2 — Iterative loop on blockers

If a department returns status: blocked, do NOT resolve it yourself. Spawn a joint resolution session with the two conflicting departments and let them iterate:

engineering blocked by legal →
  sessions_spawn(participants=[engineering, legal], objective="resolve_blocker") →
  wait(max_iterations=2) →
  collect resolution

Maximum 2 re-delegation cycles before escalating to CEO with explicit blocker report.

Phase 3 — Convergence with partial acceptance

30-second hard deadline. After deadline: accept partial results, mark missing department outputs as status: timeout, include them in final report as open items. Never block delivery on a single department.

Phase 4 — Validate before merge

Before merging each department output into the final deliverable:

Check output satisfies its definition_of_done
If DoD not met: flag as quality: partial — do not silently drop
Merge in dependency order only: Strategy → Engineering → Quality → Ops

Phase 5 — Deliver + document

After every completed orchestration, automatically append:

Run summary (1 paragraph)
Departments that delivered / timed out / were blocked
Architecture/process decisions made
Suggestions for improving the next similar run

All final outputs carry the mandatory disclaimer:

⚠️ Contenu généré par IA — validation humaine requise avant utilisation en production.

Phase 6 — Git checkpoints (when Engineering is involved)

Require Engineering to commit after each sub-task — not only at end of run. Reject PRs that are not draft + labelled needs-review. Never allow direct merge to main.

Security

All inter-session calls use reply_session: "main" to avoid orphaned sessions
sessions_spawn is rate-limited: max 20 spawns per orchestration run
Payloads are validated against the handoff schema before dispatch
No external network calls — pure Gateway WebSocket routing

Example prompt

Use the firm-orchestration skill to:
  objective: "Audit the authentication module"
  departments: ["quality", "engineering"]
  constraints: ["read-only access only", "no production changes"]
  definition_of_done: "Security report with CVSS scores and fix recommendations"
  delivery_format: "markdown_report"

💎 Support

Si ce skill vous est utile, vous pouvez soutenir le développement :

Dogecoin : DQBggqFNWsRNTPb6kkiwppnMo1Hm8edfWq

安全使用建议

This skill appears coherent and performs only in-platform orchestration using sessions tools. Before installing: 1) Ensure the platform-level session tools (sessions_send/spawn/history) are trusted and limited to intended permissions. 2) Confirm which sessions have access to external systems (GitHub, deployment APIs) because Phase 6 describes PR/commit policies but the skill does not request credentials — those actions will depend on session permissions. 3) Monitor orchestration runs initially (spot-check replies, spawned sessions, and any external side effects) and enforce human review for final outputs and any repository merges. The Dogecoin address is just an optional donation and not functionally required.

功能分析

Type: OpenClaw Skill Name: firm-orchestration Version: 1.0.0 The skill `firm-orchestration` is classified as suspicious due to its powerful multi-agent orchestration capabilities, including spawning new agent sessions (`sessions_spawn`) and sending objectives to them (`sessions_send`) as detailed in `SKILL.md`. While the skill explicitly states 'No external network calls' and requires no external binaries (`bins: []`), the user-controlled `objective` and `constraints` parameters passed to child agents represent a potential prompt injection vector for downstream agents. Additionally, the 'Git checkpoints' instructions in `SKILL.md` imply interaction with external Git systems, which, despite the lack of explicit tools, introduces ambiguity regarding the agent's potential actions in a real-world scenario.

能力评估

✓ Purpose & Capability

Name/description (pyramid multi-agent orchestration) matches the instructions and the declared tools (sessions_list, sessions_spawn, sessions_send, sessions_history). No unrelated binaries, env vars, or config paths are requested.

ℹ Instruction Scope

SKILL.md stays within orchestration boundaries (dispatch, spawn, collect, merge, deadlines, handoff schema). It references platform artifacts like reply_session and memory:delivery/latest which are appropriate for an A2A orchestration skill. One operational note: Phase 6 (Git checkpoints / PR policies) implies interactions with an external VCS workflow — the skill does not request credentials, so the actual ability to create/label/reject PRs depends on the permissions of the sessions it orchestrates. Confirm that those sessions are restricted and that no session has unchecked external write privileges.

✓ Install Mechanism

Instruction-only skill with no install spec and no code files — nothing will be written to disk or fetched during install.

✓ Credentials

No environment variables, secrets, or config paths are requested. The skill's behavior relies on platform session tooling rather than external credentials, which is proportionate to its stated purpose.

✓ Persistence & Privilege

always is false and model invocation is allowed (platform default). The skill does not request persistent presence or system-wide configuration changes.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install firm-orchestration
安装完成后，直接呼叫该 Skill 的名称或使用 /firm-orchestration 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release of firm-orchestration 1.0.0: - Implements the A2A (Agent-to-Agent) pyramid orchestration pattern for OpenClaw. - Enables CEO agent to delegate objectives down through departments, services, and employees using OpenClaw session tools. - Features a parallel, contract-based dispatch and convergence protocol modeled after real-world team practices. - Ensures outputs are validated, merged in dependency order, and documented with run summaries and disclaimers. - Built-in safeguards: session management, schema validation, rate limits, and no external calls.

元数据

Slug firm-orchestration

版本 1.0.0

许可证 —

累计安装 1

当前安装数 1

历史版本数 1

常见问题