Claude Code 2.1.126 team conventions

A Claude Code 2.1.126 rollback rehearsal found the diff that bundled a refactor with an invisible intent shift, and behind it an MCP connector demo nobody owned. Claude Code 2.1.126 team conventions start exactly there: every connector needs a steward, a written owner, and a permission note reviewers can check before merge. A connector steward is the named owner who answers for an MCP server's scopes, data classes, and rollback path. Demos do not need owners; production does.

The connector nobody owned

Counter-thesis: Trust does not scale when receipts stay in chat; the expensive bug is duplicated edits nobody reconciled.

The wrong path: We believed tighter prompts could substitute for repo contracts, and we ran cohorts that way before scopes lived in boring, explicit files.

Diagnosis: Goodhart's law caught us: once green CI became the target, it stopped measuring the thing we cared about, which was whether anyone could explain the merge.

Thesis: Claude Code contracts live in files, not vibes.

The tension shows up the moment someone asks why the agent touched a file and the answer lives only in chat.

Stewardship in four fixes

Each fix below gives one invisible habit a file, an owner, and a reviewer path.

MCP data surprises. A connector built on the Model Context Protocol pulls customer data, and the shock lands during audit; context feels local while data leaves the laptop boundary.

Named fix: Data-class tags. Tag connectors with data classes plus retention expectations. Security reviews stop learning basics during incidents. This is the part reviewers can actually verify.

Session amnesia. Daily session rotation erodes shared memory, because institutional knowledge cannot live only in transcripts.

Named fix: Weekly retro note. Append one .md changelog of decisions agents relied on. New teammates inherit reasoning instead of rumor.

Skill drift. Skills proliferate until reviewers cannot tell which one governed a diff; discovery beats documentation unless precedence is explicit.

Named fix: Skill index. Maintain skills/README.md listing activation cues and deferrals. On-call engineers resolve mismatches without replaying sessions, which is what makes review cheaper.

Hook thunder. Hooks that fire everywhere become wallpaper, and wallpaper does not gate permissions.

Named fix: Hook budget. Cap active hooks per repo and document each trigger plus its rollback. Alerts regain urgency, and a slash command in .claude/commands that lists active hooks with their owners keeps the budget visible.

# CLAUDE.md supremacy fragment

- Hooks win over informal chat agreements; document each hook's rollback path.
- Skills defer to this file on security-sensitive folders.
- Bash approvals never bypass the red-folder list maintained here.

We map this discipline to the Review step of our methodology: evidence beats narration when merges touch shared surfaces. The team conventions cluster carries the same rule, and the Claude Code 2.1.122 note applies it to clogged merge trains.

One image: a connector without a steward is a guest with a master key; polite, useful, and unaccountable.

The evidence pack

Reviewers need four answers before trusting a connector-touching merge.

The scope receipt:

• Primary-doc links were smoke-checked after publishing edits.
• MCP connectors mentioned (if any) list owners.
• Verification command output is pasted or linked.
• Forked agent work lists parent + child responsibilities.

If your repo cannot state boundaries plainly, agents will guess, and guessing scales poorly.

Best ways to use this research

• Best for: Claude Code teams adding an owner column to their connector list before the next 2.1.126-era audit asks for one.
• Best first artifact: data-class tags; tag every connector this week and the next security review starts from inventory instead of interviews.
• Best comparison angle: count the connectors a new reviewer can explain from the repo alone, then count the ones that need a meeting.

Common questions

• What do Claude Code 2.1.126 team conventions require for MCP connectors?

  A steward: a written owner plus a permission note reviewers can check before merge. Connector demos without stewards are how rollback rehearsals find surprises, so the data-class tags fix adds the data classes touched and the retention expectations to every connector entry.

• What is a data-class tag?

  A short label on an MCP connector recording which classes of data it touches and what retention applies. It exists because context feels local while data leaves the laptop boundary. With tags in place, security reviews stop learning basics during incidents.

• How does a skill index help reviewers?

  It lists every skill's activation cues and deferrals in skills/README.md, so a reviewer can tell which skill governed a diff without replaying the session. Skill drift recurs because discovery beats documentation unless precedence is explicit, and the index makes precedence explicit.

• Why cap hooks per repo?

  Because hooks that fire everywhere train developers to ignore them, and ignored hooks are worse than no hooks. The hook budget caps the active set and documents each trigger plus rollback, so the alerts that remain keep their urgency.

Further reading

• Claude Code getting started
• Claude Code skills
• Anthropic Claude Code product page
• anthropics/skills on GitHub

Next step

If your connector list has no owner column yet, contact us and we will walk one rollback rehearsal with your leads. One rehearsal usually settles the stewardship argument.