Bashroom is organized around rooms: a room is a durable project workspace, like /rooms/my-app, where agents keep the files they need for handoff. When an agent runs a command, Bashroom starts a fresh cloud shell for that account and mounts its rooms into it, so normal bash — cat, rg, git — works on the same files another session will see later. The shell resets after each call; the room files do not. Six tools cover the whole surface: bashroom is the shell, bashroom_write writes a file byte-for-byte past bash quoting, and tree/read/search/stat read those same R2 objects directly when you only need file context — bounded, so a big file can't flood the model's context window.

Each account gets its own ephemeral sandbox and its own slice of R2. When an agent runs bash, Bashroom mounts only that account's allowed rooms at /rooms, using s3fs to make those R2 objects look like normal files. Another user's rooms are not mounted in the sandbox, and structured tools still go through the Worker's account and room checks before touching R2. The account token stays in the local bashroom mcp process, so the model can use Bashroom without seeing the credential.

For anything you'd otherwise re-explain to a new chat. Example: "read /rooms/<project>/index.md and pick up where the last session left off" — the agent catches up in seconds, no copy-paste from chat scrollback. Different agents on different machines see the same files, so context survives switching from Claude to Codex, or from your laptop to a long-running worker.

Bashroom runs in R2 and CF Sandboxes — even if you used it 200 times a day storing 50MB of notes, it'd be under $1/month. So far the cost is bearable for me to foot; that may change at some point and charge a small fee.