diff --git a/configs/mcp.nix b/configs/mcp.nix
index 1c21061..013a4e3 100644
--- a/configs/mcp.nix
+++ b/configs/mcp.nix
@@ -7,7 +7,9 @@
 {
 users.users.mcp = {
 isSystemUser = true;
- uid = 850; # Pinned to avoid auto-assign conflicts (800-899 range is unused on all nodes).
+ uid = 850; # NEVER CHANGE. Rootless podman caches the UID in storage, subuid mappings,
+ # and systemd sessions. Changing it destroys all container state.
+ # See log/2026-04-03-uid-incident.md.
 group = "mcp";
 home = "/srv/mcp";
 shell = pkgs.shadow; # nologin equivalent
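Review bot: The rewritten comment on `uid = 850;` drops the reason this value was chosen: the removed line recorded that the 800-899 range is unused on all nodes, which a maintainer still needs when pinning the next system uid. Consider keeping both facts by adding a comment line such as `# 850 is from the 800-899 range, which is unused on all nodes.` The new comment also names subuid mappings as depending on the uid, but the hunk does not show whether the `mcp` group's gid or the account's subuid/subgid ranges are pinned too; if they are auto-assigned, they presumably carry the same risk and deserve the same note. The `users.users.mcp` attribute set continues outside the hunk.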