When multiple agents share a workspace, they contaminate each other's context. An engineering agent's half-finished refactor confuses the ops agent's log analysis. Client A's credentials appear in the context when working on Client B. One agent's bad session pollutes another's memory.
Symptoms:
- Agents reference files they shouldn't know about
- Context windows fill with irrelevant information
- Resetting one agent's context requires resetting all of them
- Security boundaries between clients/projects are unclear
Give each agent its own filesystem workspace with separate memory, credentials, and configuration.
workspace-engineer/
├── IDENTITY.md
├── SOUL.md
├── MEMORY.md
├── memory/
│ ├── 2026-03-25.md
│ └── 2026-03-26.md
└── projects/
workspace-ops/
├── IDENTITY.md
├── SOUL.md
├── MEMORY.md
├── memory/
│ └── 2026-03-26.md
└── runbooks/
-
Create a workspace directory per agent. Each agent's working directory is its own root.
-
Scope credentials. Each agent only has access to the credentials it needs. The research agent doesn't need SSH keys. The ops agent doesn't need the design tool API key.
-
Separate memory files. Each agent maintains its own
MEMORY.md(long-term) andmemory/directory (daily logs). No shared write access to memory. -
Shared read-only resources. Some things should be shared (company docs, style guides). Mount or symlink these as read-only in each workspace.
-
Coordinator consolidation. If you need a unified view, designate one agent (the orchestrator) to read from multiple workspaces and consolidate. One-way: agents don't read each other's workspaces directly.
- Disk space: Multiple copies of shared resources. Minimal in practice (text files are tiny).
- Coordination overhead: Information doesn't flow between agents automatically. You need explicit sharing mechanisms.
- Setup complexity: More directories to manage. Automation helps (script the workspace creation).
- You have only one agent. Isolation is meaningless with a single workspace.
- All agents work on exactly the same project with no client separation needs.
- Your agents are stateless (no memory between sessions). Isolation matters most for persistent context.
- Identity as Architecture — each workspace includes identity files
- Memory Consolidation — how information flows between isolated workspaces
- External Action Gates — credential scoping is part of isolation