Tinker Agent Role Enforcement Architecture: Core Principle: Each agent type must strictly adhere to their designated responsibilities with no overlap. Role Definitions: 1. Orchestrator: Strategic planning, task decomposition, coordination. NEVER implements code. 2. Worker: Code implementation, testing, bug fixes. NEVER creates tasks or plans work. 3. Reviewer: Code review, audit, quality assurance. NEVER implements new features. Implementation Layers: 1. System Prompts: Role-specific constraints injected at session start 2. Validation Logic: Active prevention of role violations before execution 3. MCP Access Control: Tool-level restrictions based on role 4. Guardrails: Clear error messages with helpful redirection 5. Testing: Comprehensive verification of compliance Key Files: - /lib/tinker/role_prompts.rb (system prompt templates) - /lib/tinker/role_validator.rb (validation middleware) - /lib/tinker/mcp_access_control.rb (tool access control) - /lib/tinker/guardrails.rb (error messages) - /config/tinker/role_permissions.yml (configuration) - /config/tinker/mcp_permissions.yml (MCP permissions) - /config/tinker/error_messages.yml (error templates)