Anatomy Of A Receipt

Let me show you what the cockpit writes to disk every time you do something with it.

A single line. JSON. Seven fields.

``json {"ts":1747526400123,"dept":"AE2","tool":"edit","tokens":880,"cents":1,"shain":"7a3b...","shaout":"e91c..."} ``

That is a receipt. It is twelve cents short of nine hundred bytes. It lives on your disk, indexed by date, append-only, never compacted by the cockpit without your explicit consent. It survives a power cut. It survives a network outage. It survives me going bankrupt next week. It survives Stripe deplatforming the company tomorrow. It survives Anthropic changing its API terms in 2027. The receipt is yours from the millisecond it is written.

Here is what each field means and why it is non-negotiable.

ts

A millisecond Unix timestamp. Not a date string. Not a human-readable label. A monotonic integer that orders the entire ledger globally without timezone arguments. When you want to know what you did between 9:14 and 9:17 last Tuesday, you grep on a range of integers. The range cannot lie. The range cannot be subtly localized into the wrong time zone by some helpful library. The range is the only thing on earth that knows exactly when the work happened.

The major SaaS tools you use produce no ts. They produce activity logs you can scroll. You cannot grep them. You cannot range over them. You cannot prove a single event happened at a single moment. The lack of ts is the absence of bookkeeping.

dept

Which AtomEons department fired the action. AE0 through AE14. Architect. Builder. Test Engineer. Security Reviewer. Release Steward. Each one has a name, a defined role, a documented escalation path. The dept field is the chain-of-custody marker. If something went wrong with the action, the dept tells you which doctrine to apply.

The major SaaS tools you use do not have a dept concept. They have a generic "AI" actor. When the AI does the wrong thing, you have no way to bound the failure to a specific responsibility. The failure is everywhere and nowhere. That is the architectural feature that protects the vendor and harms you.

tool

Which specific tool, by name, inside the dept. *edit* means a file edit. *grep* means a search. *bash* means a shell command. *write* means a file creation. The tool field is granular enough that you can reconstruct exactly what kind of side effect this action had on your environment. It is also granular enough that you can sum across receipts to know — for any time window — how many file edits versus searches versus shell commands the cockpit performed on your behalf.

The major SaaS tools you use have aggregate counters at best. You can know "AI did 470 actions this month." You cannot know "AI did 340 file edits, 87 searches, 28 shell commands, and 15 file creations." The aggregate is the lie.

tokens

The number of tokens consumed by the action. Not characters. Not words. Actual model-API tokens, the unit by which the provider charges you. The tokens field is what makes the receipt economically meaningful. If you want to know what last Tuesday's work cost in token terms, you sum tokens over a time range and multiply by the going rate of the model that fired.

The major SaaS tools you use either hide tokens entirely (subscription bundle) or surface them as monthly aggregates buried in a billing dashboard. You cannot know what a specific action cost. You cannot perform the optimization step of "this action used 4,400 tokens, was that worth the result?" The optimization is impossible without the data, and the data is withheld.

cents

The dollar cost of the action, in cents, as the cockpit understood it at the time the action fired. Computed from the provider's published per-token price at the moment of the call. Not estimated. Not aggregated. Actual cents this action moved out of your account. The cents field is what lets you reconcile against your Stripe / Anthropic / OpenAI bill at the end of the month. If the bill does not match the sum of cents in your receipts log, somebody is wrong, and the receipts log is the auditable side.

The major SaaS tools you use never expose per-action cents. The bill comes once a month and is presented as a single line item. You have no way to verify the line item against anything except trust.

shain and shaout

Cryptographic hashes of the inputs and outputs of the action. Not the raw bytes — the hashes. Sixty-four hex characters each. If you ever need to prove that the same inputs would have produced the same outputs, you do not need to re-run the action. You compute the hash of your current input, compare to sha_in, and you know whether the input was the same. Same with output. The hashes are the audit trail for the deterministic part of the work.

The major SaaS tools you use never expose hashes. The work is, by their architecture, unverifiable after the fact. You cannot prove that the AI did the same thing twice. You cannot prove that the result was unmodified between when it was generated and when you read it. You cannot prove that nobody at the vendor edited the output in transit. The hashes would prove all of this. The hashes are withheld.

what you do with the receipt

You ignore the receipt. The receipt is for when you need it, not for when you do not. The vast majority of the cockpit's receipts will never be read by any human. They sit on your disk. They take up about thirty kilobytes per month for a heavy user. They cost nothing to store.

But when you do need a receipt — when a customer asks what happened during a billable hour, when a contract dispute requires you to prove what code was generated when, when your tax auditor asks how much you spent on AI services last year, when an employee leaves and you need to know what they did on the cockpit before they left — the receipts are there. Filed. Hashed. Timestamped. Auditable.

This is the difference between owning your work and renting access to a record of it.

— Atom\ Marco Island, Florida\ 9 May 2026, 8pm Eastern