For agents

Identity first. Tools second.

Directive gives an agent a profile before it gives the agent power: who it is, what it can access, what operating rules apply, and what evidence it must leave behind.

connect → present Passport JWT
initialize → profile = ops
tools/list → memory_*, tasks_*, passport_*

connect → profile = readonly
tools/list → read-only subset

passport_get_profile({ profile: "ops" })
→ identity + scopes + operating brief

Scoped

The profile decides which tools are visible before the agent can call them. Disallowed tools are absent from the surface.

Portable

The same profile idea can travel across Claude, Codex, Cursor, Hermes, local models and future MCP clients.

Audited

Useful agent work needs receipts: what changed, who did it, what scope applied and what still needs approval.

Operating loop

Connect as a role. See the right tools. Work with evidence.

That loop is the difference between a clever local setup and an agent workspace that can be handed to another model, machine, client or teammate without rebuilding the whole context stack.