Building with agents: Receipts + Brain
A way of working, not a product. It's how this whole project is built — and it applies to any agentic or multi-agent system. Two rules cure the two chronic failures of agents: claiming "done" without proof, and losing context between steps.
Contents
1. Why it works
Observed in practice, repeatedly:
- One pass instead of many. A well-framed task runs as one audit → one repair, with no "redo it" loops. The agent doesn't circle back, because every step is closed with proof, not a promise.
- Feed the spec through the brain — much faster, far cheaper. Load the specification and plan into the brain (external state) first, then work from it, and the task gets done several times faster and with markedly fewer tokens: the agent doesn't re-read everything or hold context in one bloated window — it picks up the current state and continues from where it left off.
- Higher quality. Verifying against code and receipts, not words, removes silent errors and regressions before they pile up.
In one line
Think with the brain (external state), close with a receipt (proof), verify against the code (not against words).
2. The two pillars
Receipt — no item counts as done without proof. Proof is not "I fixed it" — it's a checkable fact: a commit hash, a test result (red → green), command output, an external check. No receipt → the item is open.
Brain — plans, an action log, and decisions live not in one pass's memory but in durable storage (a repository-vault). State survives between sessions, so nobody holds everything in their head and nothing gets confused. This is where the speed and token savings come from: at session start the agent reads the brain and continues, instead of starting over.
3. Ticket & receipt
Each unit of work is a ticket with a status and a mandatory receipt on
close: root (what's wrong, at an exact file:line), action,
acceptance criterion (which check proves it), receipt (the proof). What counts
as a receipt, by kind of work:
| Kind of work | Valid receipt |
|---|---|
| Code change | commit hash + test red→green + N passed; 0 failed |
| Deploy | binary sha256 before and after + confirmation it's live on every host |
| Infra/config | command output before and after (e.g. external connect → refused) |
| Checking work | confirmation from code/binary (grep, compare sha), not from a report |
| False alarm | proof of why the finding is wrong, then revert |
A receipt must be reproducible by someone else. If it can't be re-checked, it isn't a receipt. And you verify from code, not from a report — a report can lie or lag; an unchanged binary sha means the layer wasn't touched, whatever the report says.
4. The one-pass cycle
1. Read the brain: current plan + log (where you stopped). 2. Take the next open ticket by priority (critical → high → medium → low). 3. Find the root in the code (file:line), not from memory. 4. Make the change. Write a test for the original failure (red → green). 5. Build / run tests. Get the proof. 6. Close the ticket with a receipt. Write it into the log. 7. If it's a deploy — verify the sha on every host. 8. Next ticket. Skip nothing silently: a skip/limit is its own entry.
5. Iron rules
- No receipt, no "done". Words don't close a ticket.
- Verify from code and binary, not from a report. A report is a hypothesis; code is fact.
- A test for the original failure is mandatory for a non-trivial change (red → green).
- Money/security: fail-closed by default. In doubt, stop and ask — don't "roughly fix".
- Silence is forbidden. Any skip, limit, or deferral is an explicit brain entry.
- Nothing irreversible without confirmation — prove it's safe first, then do it, in a window.
6. The full method
This page is the short version. The full working method — ticket format, the receipt table,
GitHub and brain discipline, prioritization — ships as AGENTS.md in every TimeLayer
repository, in English and Russian, so any agent can pick it up:
TimeLayer