subagentidentities

.com agent identity

← all directives

Naming ontology enforcement: cloud__* must use mcp__MCP_DOCKER__* only

surface scoped applies to: cloud__docker_mcp__engineering_coworker surface only
directive

Code written for the cloud__* surface must use mcp__MCP_DOCKER__* tools only. Code for the macos__* surface can use npx/binary MCPs on the Mac.

rationale

The two surfaces have structurally different credential boundaries (fixed provisioned Docker MCP Toolkit catalog vs. the Mac's own local OS-level auth) — the same reason claude-tag scopes Access bundles to a channel rather than letting every session reach for whatever credential happens to be nearby.

layer

custom instructions

grounded in

CLAUDE.md, "Naming ontology: {device_surface}__{client_surface}__{coworker_enum}"

created 2026-07-02 14:04:26