Access bundles
Named sets of credentials and instructions, generalized from claude-tag's Access bundle primitive -- real bundles from this repo's own profiles/*.json and Docker MCP Toolkit catalog, not invented examples. See the grounding for what each column means.
claude_desktop_chat
no connections attached
N/A — no MCP servers, no workspace folder; pure conversation, matching add-connections.md's own note that "Slack-only use cases like triage, catch-up, and turning threads into docs run with none [connections]"
None — no MCP servers means no outbound egress from this profile at all
None attached
profiles/claude_desktop_chat.json, "_description": "Minimal Claude Desktop — Chat tab only. No MCP servers, no workspace folder."
claude_desktop_cowork
cloudflaregithubfilesystemchrome-devtoolsengineering-coworker
Each MCP server runs as a local npx/binary process under the Mac's own OS-level auth (SSH keys, cargo/wrangler sessions, Cloudflare API token) rather than a service account provisioned in a console — the personal-account/DM shape, not the channel/service-account shape
Whatever each of the 5 local MCP servers can reach on this one Mac — no centrally configured Domains allowlist, since these are local process spawns, not proxied network egress
engineering-coworker (the dedicated Rust MCP server for cargo/wrangler/git/D1) is itself the "plugin" here — a bundle of deterministic tools travelling with this scope, the same relationship add-connections.md describes between a Datadog credential and a Datadog plugin
profiles/claude_desktop_cowork.json; CLAUDE.md, "macOS Claude Desktop profiles"
claude_desktop_code
cloudflaregithubfilesystempostgressubagentjobs-mcp
Same local-process pattern as the Cowork bundle, plus subagentjobs-mcp — this repo's own dogfood MCP server (crates/mcp-server), added specifically so this profile can exercise the repo's own tooling the way an admin would test a new connection before rolling it out
Whatever the 5 local MCP servers reach on this Mac, plus whatever subagentjobs-mcp's own Postgres/Redis backing stores expose locally
subagentjobs-mcp is this repo's own "skills repository" analogue (add-connections.md, "Anthropic provides plugins for common tools, and you can add your own from a skills repository") — a self-authored plugin dogfooding this exact primitive
profiles/claude_desktop_code.json; CLAUDE.md, "macOS Claude Desktop profiles"
docker_mcp_toolkit_catalog
17 snapshotted Docker Desktop MCP Toolkit servers
Provisioned once into the Docker Desktop MCP Toolkit catalog and shared by every cloud__* session regardless of who invoked it — the exact channel/service-account shape add-connections.md describes: "Connections belong to the agent identity, not to any person."
Whatever the 17 catalog servers' own credentials are scoped to reach — centrally configured once, not per-session, matching add-connections.md's "configure once, everyone in the scope can use it immediately"
This repo's own CLAUDE.md rule is the plugin/instruction layer that travels with this bundle: "code written for cloud__* surface must use mcp__MCP_DOCKER__* tools only" — already seeded as dir_naming_ontology_enforcement on the directives table
CLAUDE.md, "Naming ontology" + "cloud__docker_mcp__engineering_coworker — Claude inference in Anthropic cloud using Docker MCP Toolkit catalog servers (17 servers snapshotted in Docker Desktop MCP Toolkit)"