Canonical receipt service
Owns task identity, intent, approval, immutable artifacts or item sets, authority provenance, execution events, verification, failure classification, closure, corrections, and linked follow-up tasks.
Correlate approval, execution, verification, failure, and access closure in the same conversation without turning chat into a raw event log.
Follow the implementationThe message thread should never be the only record of an agent task. Messages can arrive late, delivery can fail, users can delete history, and conversational language can blur important distinctions. Build a canonical task and receipt service first, then render iMessage summaries from its verified state.
The architecture needs stable correlation across request, approval, grant, agent runtime, tools, browser actions, provider outcomes, independent checks, revocation, outbound messages, and replies. Every channel event points back to the same task, but the receipt remains immutable once finalized.
The inbox view can live in the conversation itself, a companion application, or a secure web page linked from iMessage. The important part is consistent state: needs approval, running, complete, partial, failed, rolled back, unverified, or attention required.
Owns task identity, intent, approval, immutable artifacts or item sets, authority provenance, execution events, verification, failure classification, closure, corrections, and linked follow-up tasks.
Maps accountable states into explicit channel-safe templates with outcome, failed checks, closure, and next action.
Issues opaque expiring links and requires appropriate authentication before exposing sensitive evidence.
Turns DETAILS, REVOKE, RETRY, ROLLBACK, and remediation replies into fresh policy-checked actions.
This simplified schema separates user intent, authority, execution, and outcome while retaining a common task identity.
Create identifiers before the first approval message. Include them in policy, agent, browser, credential, verification, receipt, and delivery events.
Normalize events while retaining source, timestamp, actor, integrity metadata, and redaction status. Never trust a model summary as the only evidence.
Define required checks and closure conditions by task type. A provider success cannot produce complete status when a required custom route fails.
if authority.open: state = "attention"
elif rollback.passed: state = "rolled_back"
elif required_checks.failed: state = "partial"
elif required_checks.unknown: state = "unverified"
else: state = "complete"Use deterministic receipt fields for outcome, failure, checks, closure, and next action. Language generation can shorten or clarify within those facts.
Bind access to receipt, intended recipient, expiry, and authentication policy. Keep account names, task content, and receipt IDs out of the URL.
Use receipt ID plus version as the idempotency key. Record provider acceptance, delivery when available, and fallback handling without rerunning the task.
Resolve the task, authenticate sensitive actions, reevaluate current state, and create a new linked request. Historical receipts stay unchanged.
| Reply | Policy action | Expected behavior |
|---|---|---|
| DETAILS | Low risk | Issue or refresh an authenticated detail link to the immutable receipt. |
| REVOKE | Verify context | Identify active grants and ask for confirmation when multiple tasks or accounts match. |
| RETRY | Fresh evaluation | Create a new task with current artifact, destination, policy, and authority requirements. |
| ROLLBACK | Step-up approval | Verify rollback target and consequence before issuing temporary authority. |
| FIX DNS | Separate capability | Start a new infrastructure-change task; do not reuse the deployment grant. |
| STOP | Immediate | Cancel safe pending work, revoke available authority, and report what could not be stopped. |
All required execution, outcome, and closure conditions are satisfied.
State what succeeded and failed, then offer a bounded remediation action.
Keep the task prominent until sensitive access is closed or explicitly accepted.
Late tool and verification events cannot incorrectly regress finalized state.
Provider retries do not create duplicate receipt messages.
The router asks for clarification when multiple open tasks could match.
Users can authenticate and refresh access to the same immutable receipt.
Unknown and failed checks cannot be summarized as complete.
Open sensitive grants remain visible and trigger escalation policy.
The iMessage thread is the interface. The canonical receipt is the evidence. Neither should pretend to be the other.
Keep the canonical receipt, record delivery state, retry idempotently, and use approved fallback channels. Never rerun agent execution.
Messaging failure is not task failure.Append a correction event and send an explicit update referencing the prior status. Do not silently rewrite delivered history.
Corrections need provenance.The canonical receipt remains available after authentication according to retention policy. Message history is not the system of record.
Conversation is a view, not storage.The text-message AI assistant can preserve the natural request and approval flow while a canonical task service manages state and evidence underneath. The user receives concise updates without losing accountability.
For a computer-use cache, the inbox can distinguish persistent safe browser state from temporary sensitive access. Any authority that remains open can stay in the attention view until revoked.
When an AI agent builds websites, Super can correlate preview approval, artifact digest, deployment grant, provider release, Render verification, custom-domain failure, and revocation in one task-centered iMessage thread.
The channel adapter depends on the available messaging infrastructure, but the canonical receipt, state derivation, secure links, and reply routing should remain channel-independent so SMS or an app inbox can serve as fallback.
Use structured state templates for factual claims. A model can improve readability within supplied fields, but it cannot invent status, verification, failure, access closure, or next actions.
Maintain explicit thread and task context, use short human-friendly task references, and ask for clarification when a reply could apply to multiple active tasks or accounts.
Append corrections or new verification versions while preserving previous states. A delivered receipt should never be silently rewritten because users may have acted on it.
Retain the minimum structured evidence required for accountability under user preferences, privacy obligations, and risk. Exclude secret values and support secure export and deletion.