subagentcoworkers

.com 19 pages

Connections

A coworker's tool access is scoped per role, not granted wholesale. Checking what's connected — and adding what's missing — works the same way whether the peer is a person or another coworker.

Two kinds of connection

Peer connections — coworker to coworker — run over a2a (tasks/send, discovered via each role's agent card) for task handoffs, and mcp for the tool calls a role makes on its own behalf (cargo/wrangler/git for engineering, D1 queries for data, and so on).

External connections — coworker to the outside world — are the Docker MCP Toolkit servers wired into a session: GitHub, Cloudflare, Atlassian, a database, Redis. A coworker only sees the servers relevant to its role; engineering gets GitHub and Cloudflare, data gets the database and D1, and neither gets the other's by default.

Checking what's connected

The same question a Slack-based Claude admin asks — what can you access from this channel? — applies here: a coworker's available tools are enumerated in its generated agents/<role>.yaml and its mcp/server.toml. If a tool is missing, it's added at the plugin level (plugins/cwc-<role>/), not patched in at runtime.

Related

original sha256:16 15dd58ad90aa344f · verify