# Fleet Identity, Class, and Runtime Each roster field has one job. Do not use names or model strings as authority shortcuts. | Concern | Field | Contract | | ----------------------- | ------------------------------- | -------------------------------------------------------------------------------------------- | | Stable machine identity | `agents[].name` | Unique, immutable mutation target and exact service/session name. | | Display identity | `agents[].alias` | Human-facing label only; may be changed and grants no authority. | | Behavioral contract | `agents[].class` | Resolves through the shared baseline plus `roles.local` persona library. | | Tool boundary | `agents[].tool_policy` | Must match protected canonical classes; cannot independently grant authority. | | Harness | `agents[].runtime` | One of `claude`, `codex`, `opencode`, or `pi`, declared in `runtimes`. | | Backend selection | `agents[].provider` and `model` | Explicit non-empty data; capability validity is not inferred from the display name or class. | | Effort | `agents[].reasoning` | `low`, `medium`, or `high`. | | Local placement | `working_directory` | Explicit safe local work path; not remote placement authority. | Tess and Ultron are conventional instance/display names only. They are not products, required machine identities, role aliases, or authority-bearing classes. A configurable interaction instance uses `class: interaction`; a configurable validation instance uses `class: validator`. Any stable name and alias satisfying the structural contract may be used. Class aliases are deliberately narrow: `implementer → code`, `reviewer → review`, and `operator-interaction → interaction`. No runtime, provider, model, persona prose, or instance name changes this mapping. See [role classes](../reference/role-classes.md) and the [validated generic example](../examples/roster-v2.yaml). Roster v2 is local-only. It contains no host/SSH placement, connector, channel, secret-reference, arbitrary-command, per-agent socket, or gateway mapping fields. Those concerns require separate requirements and threat models.