subagentidentities

.com agent identity
19 identities, live from D1

Identities

Real boundaries, not a mockup -- every card below is a row in this Worker's own database, grounded in a real doc or a real file in this repo. See the grounding for what each column means.

macos_desktop_cowork (1)

macos__desktop_cowork__engineering_coworker

surface: macos_desktop_cowork

The operator's own Mac session — Claude Desktop Cowork profile, tied to that one machine/operator, closest analogue to claude-tag's DM mode (no shared channel scope, personal connectors)

credential source

profiles/claude_desktop_cowork.json — npx/binary MCP servers running locally under the Mac's own OS-level auth (Cloudflare, GitHub, filesystem, chrome-devtools, engineering-coworker Rust binary)

access scope

Whatever the Mac's own npx/binary MCPs can reach — Cloudflare account, GitHub, local filesystem, a locally running Chrome instance, cargo/wrangler/git on that machine

billing owner

Alex@jadecli.com (the individual operator), same as claude-tag attributes DM work to "your name" and bills "your seat"

grounded in

CLAUDE.md, "Naming ontology: {device_surface}__{client_surface}__{coworker_enum}"

cloud_docker_mcp (1)

cloud__docker_mcp__engineering_coworker

surface: cloud_docker_mcp

Claude inference running in Anthropic's cloud, acting through a fixed, provisioned Docker MCP Toolkit catalog — closest analogue to claude-tag's channel mode: same capability regardless of which session invokes it

credential source

Docker Desktop MCP Toolkit — 17 servers snapshotted into the catalog, each with its own provisioned credential, none of them the raw Mac-local auth used by the macos__* surface

access scope

Exactly the 17 mcp__MCP_DOCKER__* tools snapshotted in the catalog — this repo's own CLAUDE.md rule: "code written for cloud__* surface must use mcp__MCP_DOCKER__* tools only"

billing owner

The organization/workspace owning the Docker MCP Toolkit catalog, same as claude-tag bills channel work "to the organization"

grounded in

CLAUDE.md, "Naming ontology" + "cloud__docker_mcp__engineering_coworker — Claude inference in Anthropic cloud using Docker MCP Toolkit catalog servers"

mac_binary_mediated (1)

engineering-coworker (crates/engineering-coworker)

surface: mac_binary_mediated

A Rust MCP server (rmcp, stdio) that executes cargo/wrangler/git/D1 operations on the developer's real Mac on Claude's behalf — Claude is never handed the raw credential, mirroring claude-tag's own Agent Proxy: "Agent Proxy attaches a credential... the model and the sandbox itself are not given the key."

credential source

The Mac's own git/cargo/wrangler auth (SSH keys, cargo registry token, wrangler OAuth session) — held by the binary process, never passed through to the calling model

access scope

cargo_check, cargo_test, wrangler_deploy, d1_query, git_status, git_commit_push — exactly the six tools this binary exposes, no more

billing owner

The operator whose Mac the binary runs on — attribution flows through, same as any macos__* surface action

grounded in

CLAUDE.md, "engineering-coworker MCP server (crates/engineering-coworker)"; agent-identity.md, "Agent Proxy" (Anthropic's own Agent Proxy pattern this binary parallels in spirit)

cloudflare_account (1)

Cloudflare account e6294e3ea89f8207af387d459824aaae (Alex@jadecli.com)

surface: cloudflare_account

Every subagent*.com Worker deploy, every D1 write, every zone route — attributed to this one Cloudflare account regardless of which individual or session triggered the action, the same way claude-tag's channel actions are attributed to its provisioned service accounts rather than to whichever person tagged Claude

credential source

Cloudflare API token / wrangler OAuth session tied to this account, provisioned once and shared across all ~11 subagent*.com Workers

access scope

Every Worker, D1 database, zone, and route under this account — the full subagentjobs.com family

billing owner

This Cloudflare account itself — every deploy bills here, not to whichever operator ran wrangler

grounded in

CLAUDE.md, "# DB / CLOUDFLARE_ACCOUNT_ID=e6294e3ea89f8207af387d459824aaae"; every sibling worker's wrangler.toml account_id field

vault_keychain_postgres (1)

Vaults and credentials (managed-agents vault pattern, dogfooded in subagentcoworkers.com's own docs)

surface: vault_keychain_postgres

A credential registered once and referenced by ID at session creation — never inline in a prompt or config file, per Anthropic's own managed-agents Vaults API: "Vaults and credentials are authentication primitives that let you register credentials for third-party services once and reference them by ID."

credential source

macOS Keychain as the local secret source, Postgres as the durable audit layer — the exact pairing subagentcoworkers.com's own agent-identity.md documents: "Where a role needs a real credential... it's stored in a Vault — macOS Keychain as the local secret source, Postgres as the durable audit layer — never inline in a prompt or a config file."

access scope

Whatever MCP server or environment-variable-authenticated service the credential is scoped to (mcp_server_url or secret_name, per the real Vaults API — max 20 credentials per vault)

billing owner

The workspace owning the vault — credentials are workspace-scoped per the Vaults API's own constraint

grounded in

docs/docs/platform.claude.com/docs/en/managed-agents/vaults.md; workers/subagentcoworkers/public/docs/platform/concepts/agent-identity.md, "Vaults and credentials"

macos_claude_code (14)

macos__claude_code__design_coworker

surface: macos_claude_code

The design coworker plugin (plugins/cwc-design) acting as the operator in a local Claude Code session — 8-token design system, buddy packs, and the Figma/FigJam architecture-wireframe set.

credential source

operator's local wrangler OAuth + rotated *_WRITE_SECRET store (~/.config/subagentjobs/secrets.json); per-plugin gates.toml governs side effects

access scope

artifact publish two-phase buddy gate; wireframe retire gated; token reads open

billing owner

operator

grounded in

plugins/cwc-design/README.md

macos__claude_code__engineering_coworker

surface: macos_claude_code

The engineering coworker plugin (plugins/cwc-engineering) acting as the operator in a local Claude Code session — builds workers from _template and keeps the typed agent schema (crates/schema, agent-gen, ts/py mirrors) in sync.

credential source

operator's local wrangler OAuth + rotated *_WRITE_SECRET store (~/.config/subagentjobs/secrets.json); per-plugin gates.toml governs side effects

access scope

git push, schema changes, agent regeneration commits gated; builds only — cwc-deploy ships

billing owner

operator

grounded in

plugins/cwc-engineering/README.md

macos__claude_code__data_coworker

surface: macos_claude_code

The data coworker plugin (plugins/cwc-data) acting as the operator in a local Claude Code session — warehouse analyst over subagentjobs-dwh, semantic-layer-first SQL.

credential source

operator's local wrangler OAuth + rotated *_WRITE_SECRET store (~/.config/subagentjobs/secrets.json); per-plugin gates.toml governs side effects

access scope

read-only by design; no gates

billing owner

operator

grounded in

plugins/cwc-data/README.md

macos__claude_code__operations_coworker

surface: macos_claude_code

The operations coworker plugin (plugins/cwc-operations) acting as the operator in a local Claude Code session — the fleet operating loop (contracts-first) and fleet audits (design-system, zones, health).

credential source

operator's local wrangler OAuth + rotated *_WRITE_SECRET store (~/.config/subagentjobs/secrets.json); per-plugin gates.toml governs side effects

access scope

bulk primitive writes and zone/DNS changes gated

billing owner

operator

grounded in

plugins/cwc-operations/README.md

macos__claude_code__finance_coworker

surface: macos_claude_code

The finance coworker plugin (plugins/cwc-finance) acting as the operator in a local Claude Code session — spend tracking and the Monetization Gateway playbook (x402, USDC/OUSD).

credential source

operator's local wrangler OAuth + rotated *_WRITE_SECRET store (~/.config/subagentjobs/secrets.json); per-plugin gates.toml governs side effects

access scope

spend_commit, enrollment_submit, pricing_rule_write all operator-gated

billing owner

operator

grounded in

plugins/cwc-finance/README.md

macos__claude_code__marketing_coworker

surface: macos_claude_code

The marketing coworker plugin (plugins/cwc-marketing) acting as the operator in a local Claude Code session — content and discoverability for agent traffic: llms.txt, Content-Signal, sitemap, api-catalog, flywheel.

credential source

operator's local wrangler OAuth + rotated *_WRITE_SECRET store (~/.config/subagentjobs/secrets.json); per-plugin gates.toml governs side effects

access scope

content publishes and Content-Signal changes gated

billing owner

operator

grounded in

plugins/cwc-marketing/README.md

macos__claude_code__sales_coworker

surface: macos_claude_code

The sales coworker plugin (plugins/cwc-sales) acting as the operator in a local Claude Code session — durable prospect/opportunity ledger over contracts/tasks rows.

credential source

operator's local wrangler OAuth + rotated *_WRITE_SECRET store (~/.config/subagentjobs/secrets.json); per-plugin gates.toml governs side effects

access scope

outreach_send and external_contact gated — never sends without operator approval

billing owner

operator

grounded in

plugins/cwc-sales/README.md

macos__claude_code__customer_support_coworker

surface: macos_claude_code

The customer-support coworker plugin (plugins/cwc-customer-support) acting as the operator in a local Claude Code session — triage against live health checks, curl-repro before answering.

credential source

operator's local wrangler OAuth + rotated *_WRITE_SECRET store (~/.config/subagentjobs/secrets.json); per-plugin gates.toml governs side effects

access scope

task writes gated; triage/reads open

billing owner

operator

grounded in

plugins/cwc-customer-support/README.md

macos__claude_code__human_resources_coworker

surface: macos_claude_code

The human-resources coworker plugin (plugins/cwc-human-resources) acting as the operator in a local Claude Code session — the agent workforce: role rows + typed agent definitions + identity rows; rubric-graded reviews.

credential source

operator's local wrangler OAuth + rotated *_WRITE_SECRET store (~/.config/subagentjobs/secrets.json); per-plugin gates.toml governs side effects

access scope

model_tier_change and identity_register gated

billing owner

operator

grounded in

plugins/cwc-human-resources/README.md

macos__claude_code__legal_coworker

surface: macos_claude_code

The legal coworker plugin (plugins/cwc-legal) acting as the operator in a local Claude Code session — compliance of what the fleet republishes, license hygiene, monetization terms.

credential source

operator's local wrangler OAuth + rotated *_WRITE_SECRET store (~/.config/subagentjobs/secrets.json); per-plugin gates.toml governs side effects

access scope

external_send and publish gated — never sends without operator approval

billing owner

operator

grounded in

plugins/cwc-legal/README.md

macos__claude_code__product_management_coworker

surface: macos_claude_code

The product-management coworker plugin (plugins/cwc-product-management) acting as the operator in a local Claude Code session — brand voice as durable sourced guidelines on subagentbrands.com.

credential source

operator's local wrangler OAuth + rotated *_WRITE_SECRET store (~/.config/subagentjobs/secrets.json); per-plugin gates.toml governs side effects

access scope

guideline writes gated; reads open

billing owner

operator

grounded in

plugins/cwc-product-management/README.md

macos__claude_code__bio_research_coworker

surface: macos_claude_code

The bio-research coworker plugin (plugins/cwc-bio-research) acting as the operator in a local Claude Code session — honest placeholder — gatekeeps bio-adjacent requests until a real use case exists.

credential source

operator's local wrangler OAuth + rotated *_WRITE_SECRET store (~/.config/subagentjobs/secrets.json); per-plugin gates.toml governs side effects

access scope

no gates; nothing to gate yet

billing owner

operator

grounded in

plugins/cwc-bio-research/README.md

macos__claude_code__deploy_coworker

surface: macos_claude_code

The deploy coworker plugin (plugins/cwc-deploy) acting as the operator in a local Claude Code session — ships every Cloudflare Worker: install, typecheck, wrangler deploy, D1, secrets, curl-verify.

credential source

operator's local wrangler OAuth + rotated *_WRITE_SECRET store (~/.config/subagentjobs/secrets.json); per-plugin gates.toml governs side effects

access scope

deploy, secret put, and D1 writes gated

billing owner

operator

grounded in

plugins/cwc-deploy/README.md

macos__claude_code__analytics_engineer_coworker

surface: macos_claude_code

The analytics-engineer coworker plugin (plugins/cwc-analytics-engineer) acting as the operator in a local Claude Code session — provenance-tagged Cloudflare analytics snapshots on subagentcache.com.

credential source

operator's local wrangler OAuth + rotated *_WRITE_SECRET store (~/.config/subagentjobs/secrets.json); per-plugin gates.toml governs side effects

access scope

snapshot writes gated; never originates GraphQL beyond what's given

billing owner

operator

grounded in

plugins/cwc-analytics-engineer/README.md