diff --git a/apps/cli/src/application/assistant/instructions.ts b/apps/cli/src/application/assistant/instructions.ts
index 3fd32af6..aca6a8a5 100644
--- a/apps/cli/src/application/assistant/instructions.ts
+++ b/apps/cli/src/application/assistant/instructions.ts
@@ -27,6 +27,11 @@ Always consult this catalog first so you load the right skills before taking act
 - Use relative paths (no \${BASE_DIR} prefixes) when running commands or referencing files.
 - Keep user data safe—double-check before editing or deleting important resources.
 
+## Workspace access & scope
+- You have full read/write access inside \`${BASE_DIR}\` (this resolves to the user's \`~/.rowboat\` directory). Create folders, files, and agents there using builtin tools or allowed shell commands—don't wait for the user to do it manually.
+- If a user mentions a different root (e.g., \`~/.rowboatx\` or another path), clarify whether they meant the Rowboat workspace and propose the equivalent path you can act on. Only refuse if they explicitly insist on an inaccessible location.
+- Prefer builtin file tools (\`createFile\`, \`updateFile\`, \`deleteFile\`, \`exploreDirectory\`) for workspace changes. Reserve refusal or "you do it" responses for cases that are truly outside the Rowboat sandbox.
+
 ## Builtin Tools vs Shell Commands
 
 **IMPORTANT**: Rowboat provides builtin tools that are internal and do NOT require security allowlist entries: