An agent did a thing it shouldn’t have. Not because it was malicious — because the role it was playing didn’t have a name, so it grabbed the closest credential to hand. Mine.
The fix wasn’t “stop doing that.” The fix was naming the role. Once the role had a name, it could have its own user, its own scope, its own audit trail, and its own gate. The behavior didn’t change; the attribution did.
I now treat unnamed roles the same way I treat unnamed variables: as a smell. If two sessions of work keep drifting toward the same shape, that shape needs a name before its third session, or it grows ad-hoc bypasses faster than you can audit them.