Naming ontology enforcement: cloud__* must use mcp__MCP_DOCKER__* only
directive
Code written for the cloud__* surface must use mcp__MCP_DOCKER__* tools only. Code for the macos__* surface can use npx/binary MCPs on the Mac.
rationale
The two surfaces have structurally different credential boundaries (fixed provisioned Docker MCP Toolkit catalog vs. the Mac's own local OS-level auth) — the same reason claude-tag scopes Access bundles to a channel rather than letting every session reach for whatever credential happens to be nearby.
layer
custom instructions
grounded in
CLAUDE.md, "Naming ontology: {device_surface}__{client_surface}__{coworker_enum}"
created 2026-07-02 14:04:26