Identities
Real boundaries, not a mockup -- every card below is a row in this Worker's own database, grounded in a real doc or a real file in this repo. See the grounding for what each column means.
macos_desktop_cowork (1)
macos__desktop_cowork__engineering_coworker
The operator's own Mac session — Claude Desktop Cowork profile, tied to that one machine/operator, closest analogue to claude-tag's DM mode (no shared channel scope, personal connectors)
profiles/claude_desktop_cowork.json — npx/binary MCP servers running locally under the Mac's own OS-level auth (Cloudflare, GitHub, filesystem, chrome-devtools, engineering-coworker Rust binary)
Whatever the Mac's own npx/binary MCPs can reach — Cloudflare account, GitHub, local filesystem, a locally running Chrome instance, cargo/wrangler/git on that machine
Alex@jadecli.com (the individual operator), same as claude-tag attributes DM work to "your name" and bills "your seat"
CLAUDE.md, "Naming ontology: {device_surface}__{client_surface}__{coworker_enum}"
cloud_docker_mcp (1)
cloud__docker_mcp__engineering_coworker
Claude inference running in Anthropic's cloud, acting through a fixed, provisioned Docker MCP Toolkit catalog — closest analogue to claude-tag's channel mode: same capability regardless of which session invokes it
Docker Desktop MCP Toolkit — 17 servers snapshotted into the catalog, each with its own provisioned credential, none of them the raw Mac-local auth used by the macos__* surface
Exactly the 17 mcp__MCP_DOCKER__* tools snapshotted in the catalog — this repo's own CLAUDE.md rule: "code written for cloud__* surface must use mcp__MCP_DOCKER__* tools only"
The organization/workspace owning the Docker MCP Toolkit catalog, same as claude-tag bills channel work "to the organization"
CLAUDE.md, "Naming ontology" + "cloud__docker_mcp__engineering_coworker — Claude inference in Anthropic cloud using Docker MCP Toolkit catalog servers"
mac_binary_mediated (1)
engineering-coworker (crates/engineering-coworker)
A Rust MCP server (rmcp, stdio) that executes cargo/wrangler/git/D1 operations on the developer's real Mac on Claude's behalf — Claude is never handed the raw credential, mirroring claude-tag's own Agent Proxy: "Agent Proxy attaches a credential... the model and the sandbox itself are not given the key."
The Mac's own git/cargo/wrangler auth (SSH keys, cargo registry token, wrangler OAuth session) — held by the binary process, never passed through to the calling model
cargo_check, cargo_test, wrangler_deploy, d1_query, git_status, git_commit_push — exactly the six tools this binary exposes, no more
The operator whose Mac the binary runs on — attribution flows through, same as any macos__* surface action
CLAUDE.md, "engineering-coworker MCP server (crates/engineering-coworker)"; agent-identity.md, "Agent Proxy" (Anthropic's own Agent Proxy pattern this binary parallels in spirit)
cloudflare_account (1)
Cloudflare account e6294e3ea89f8207af387d459824aaae (Alex@jadecli.com)
Every subagent*.com Worker deploy, every D1 write, every zone route — attributed to this one Cloudflare account regardless of which individual or session triggered the action, the same way claude-tag's channel actions are attributed to its provisioned service accounts rather than to whichever person tagged Claude
Cloudflare API token / wrangler OAuth session tied to this account, provisioned once and shared across all ~11 subagent*.com Workers
Every Worker, D1 database, zone, and route under this account — the full subagentjobs.com family
This Cloudflare account itself — every deploy bills here, not to whichever operator ran wrangler
CLAUDE.md, "# DB / CLOUDFLARE_ACCOUNT_ID=e6294e3ea89f8207af387d459824aaae"; every sibling worker's wrangler.toml account_id field
vault_keychain_postgres (1)
Vaults and credentials (managed-agents vault pattern, dogfooded in subagentcoworkers.com's own docs)
A credential registered once and referenced by ID at session creation — never inline in a prompt or config file, per Anthropic's own managed-agents Vaults API: "Vaults and credentials are authentication primitives that let you register credentials for third-party services once and reference them by ID."
macOS Keychain as the local secret source, Postgres as the durable audit layer — the exact pairing subagentcoworkers.com's own agent-identity.md documents: "Where a role needs a real credential... it's stored in a Vault — macOS Keychain as the local secret source, Postgres as the durable audit layer — never inline in a prompt or a config file."
Whatever MCP server or environment-variable-authenticated service the credential is scoped to (mcp_server_url or secret_name, per the real Vaults API — max 20 credentials per vault)
The workspace owning the vault — credentials are workspace-scoped per the Vaults API's own constraint
docs/docs/platform.claude.com/docs/en/managed-agents/vaults.md; workers/subagentcoworkers/public/docs/platform/concepts/agent-identity.md, "Vaults and credentials"
macos_claude_code (14)
macos__claude_code__design_coworker
The design coworker plugin (plugins/cwc-design) acting as the operator in a local Claude Code session — 8-token design system, buddy packs, and the Figma/FigJam architecture-wireframe set.
operator's local wrangler OAuth + rotated *_WRITE_SECRET store (~/.config/subagentjobs/secrets.json); per-plugin gates.toml governs side effects
artifact publish two-phase buddy gate; wireframe retire gated; token reads open
operator
plugins/cwc-design/README.md
macos__claude_code__engineering_coworker
The engineering coworker plugin (plugins/cwc-engineering) acting as the operator in a local Claude Code session — builds workers from _template and keeps the typed agent schema (crates/schema, agent-gen, ts/py mirrors) in sync.
operator's local wrangler OAuth + rotated *_WRITE_SECRET store (~/.config/subagentjobs/secrets.json); per-plugin gates.toml governs side effects
git push, schema changes, agent regeneration commits gated; builds only — cwc-deploy ships
operator
plugins/cwc-engineering/README.md
macos__claude_code__data_coworker
The data coworker plugin (plugins/cwc-data) acting as the operator in a local Claude Code session — warehouse analyst over subagentjobs-dwh, semantic-layer-first SQL.
operator's local wrangler OAuth + rotated *_WRITE_SECRET store (~/.config/subagentjobs/secrets.json); per-plugin gates.toml governs side effects
read-only by design; no gates
operator
plugins/cwc-data/README.md
macos__claude_code__operations_coworker
The operations coworker plugin (plugins/cwc-operations) acting as the operator in a local Claude Code session — the fleet operating loop (contracts-first) and fleet audits (design-system, zones, health).
operator's local wrangler OAuth + rotated *_WRITE_SECRET store (~/.config/subagentjobs/secrets.json); per-plugin gates.toml governs side effects
bulk primitive writes and zone/DNS changes gated
operator
plugins/cwc-operations/README.md
macos__claude_code__finance_coworker
The finance coworker plugin (plugins/cwc-finance) acting as the operator in a local Claude Code session — spend tracking and the Monetization Gateway playbook (x402, USDC/OUSD).
operator's local wrangler OAuth + rotated *_WRITE_SECRET store (~/.config/subagentjobs/secrets.json); per-plugin gates.toml governs side effects
spend_commit, enrollment_submit, pricing_rule_write all operator-gated
operator
plugins/cwc-finance/README.md
macos__claude_code__marketing_coworker
The marketing coworker plugin (plugins/cwc-marketing) acting as the operator in a local Claude Code session — content and discoverability for agent traffic: llms.txt, Content-Signal, sitemap, api-catalog, flywheel.
operator's local wrangler OAuth + rotated *_WRITE_SECRET store (~/.config/subagentjobs/secrets.json); per-plugin gates.toml governs side effects
content publishes and Content-Signal changes gated
operator
plugins/cwc-marketing/README.md
macos__claude_code__sales_coworker
The sales coworker plugin (plugins/cwc-sales) acting as the operator in a local Claude Code session — durable prospect/opportunity ledger over contracts/tasks rows.
operator's local wrangler OAuth + rotated *_WRITE_SECRET store (~/.config/subagentjobs/secrets.json); per-plugin gates.toml governs side effects
outreach_send and external_contact gated — never sends without operator approval
operator
plugins/cwc-sales/README.md
macos__claude_code__customer_support_coworker
The customer-support coworker plugin (plugins/cwc-customer-support) acting as the operator in a local Claude Code session — triage against live health checks, curl-repro before answering.
operator's local wrangler OAuth + rotated *_WRITE_SECRET store (~/.config/subagentjobs/secrets.json); per-plugin gates.toml governs side effects
task writes gated; triage/reads open
operator
plugins/cwc-customer-support/README.md
macos__claude_code__human_resources_coworker
The human-resources coworker plugin (plugins/cwc-human-resources) acting as the operator in a local Claude Code session — the agent workforce: role rows + typed agent definitions + identity rows; rubric-graded reviews.
operator's local wrangler OAuth + rotated *_WRITE_SECRET store (~/.config/subagentjobs/secrets.json); per-plugin gates.toml governs side effects
model_tier_change and identity_register gated
operator
plugins/cwc-human-resources/README.md
macos__claude_code__legal_coworker
The legal coworker plugin (plugins/cwc-legal) acting as the operator in a local Claude Code session — compliance of what the fleet republishes, license hygiene, monetization terms.
operator's local wrangler OAuth + rotated *_WRITE_SECRET store (~/.config/subagentjobs/secrets.json); per-plugin gates.toml governs side effects
external_send and publish gated — never sends without operator approval
operator
plugins/cwc-legal/README.md
macos__claude_code__product_management_coworker
The product-management coworker plugin (plugins/cwc-product-management) acting as the operator in a local Claude Code session — brand voice as durable sourced guidelines on subagentbrands.com.
operator's local wrangler OAuth + rotated *_WRITE_SECRET store (~/.config/subagentjobs/secrets.json); per-plugin gates.toml governs side effects
guideline writes gated; reads open
operator
plugins/cwc-product-management/README.md
macos__claude_code__bio_research_coworker
The bio-research coworker plugin (plugins/cwc-bio-research) acting as the operator in a local Claude Code session — honest placeholder — gatekeeps bio-adjacent requests until a real use case exists.
operator's local wrangler OAuth + rotated *_WRITE_SECRET store (~/.config/subagentjobs/secrets.json); per-plugin gates.toml governs side effects
no gates; nothing to gate yet
operator
plugins/cwc-bio-research/README.md
macos__claude_code__deploy_coworker
The deploy coworker plugin (plugins/cwc-deploy) acting as the operator in a local Claude Code session — ships every Cloudflare Worker: install, typecheck, wrangler deploy, D1, secrets, curl-verify.
operator's local wrangler OAuth + rotated *_WRITE_SECRET store (~/.config/subagentjobs/secrets.json); per-plugin gates.toml governs side effects
deploy, secret put, and D1 writes gated
operator
plugins/cwc-deploy/README.md
macos__claude_code__analytics_engineer_coworker
The analytics-engineer coworker plugin (plugins/cwc-analytics-engineer) acting as the operator in a local Claude Code session — provenance-tagged Cloudflare analytics snapshots on subagentcache.com.
operator's local wrangler OAuth + rotated *_WRITE_SECRET store (~/.config/subagentjobs/secrets.json); per-plugin gates.toml governs side effects
snapshot writes gated; never originates GraphQL beyond what's given
operator
plugins/cwc-analytics-engineer/README.md