Back to Research

Agentic team workflows that survive review

A field guide to agentic team workflows: the scope, ownership, and verification receipts that keep parallel agent output reviewable after the session ends.

A Pool in the Meadow, landscape painting by Alexander Helwig Wyant (1870).
Rogier MullerApril 4, 20266 min read

An agentic team workflow is a shared, file-based contract that keeps parallel agent output explainable after the session ends. If a teammate has to scroll three days of chat history to defend a diff they never wrote, the contract is missing, not the talent. The fix is receipts in files: who scoped the work, what the agent actually ran, and which rules governed it.

This matters more as you add agents. Tools like Cursor, Anysphere's AI code editor, and Claude Code, Anthropic's coding agent, let one engineer run several agents at once. That feels like extra hands. It is also extra communicators, and communicators need a contract before they need horsepower. Brooks's law applies here: adding workers to a late project makes it later because the communication paths multiply, and agents without receipts do the same thing to your review queue.

Make Codex runs replayable in AGENTS.md

The Codex CLI, OpenAI's coding agent, is convenient precisely because it hides the terminal. That convenience is also where verification quietly disappears. Commands ran, the narrative did not, and a green check merges that no reviewer ever watched.

Close the gap with a replay sandwich. Have your AGENTS.md require three things in every PR, in order: an intent line, the command transcript, and a diff summary. Now review is reproducible without anyone standing behind a terminal. The Codex quickstart covers the CLI setup; the receipt habit is yours to add on top.

The intent line is the cheap part people skip. One sentence saying what the agent was asked to do tells a reviewer whether the diff matches the goal, before they read a single line of code. The transcript proves the tests in the diff actually ran, not just that they exist.

Write one connector card per MCP server

Wire up an MCP server in a hurry and a connector can touch data nobody put on the diagram. Connectors ship as capability demos by default. Least privilege needs explicit trust boundaries, and those boundaries have to live somewhere a reviewer can find them.

A connector card is one short markdown file per MCP server. It names allowed actions, forbidden actions, the owner, and the rollback. Incidents shrink because operators finally know what "off" looks like and who is allowed to press it.

# MCP connector card: <server name>

Owner: <name / team>
Allowed: read issues, comment on PRs
Forbidden: write to prod DB, delete branches, touch secrets
Rollback: revoke token in <location>, ping <owner> in #incidents

Make child agents return receipts

Delegation stacks fall apart when summaries replace receipts. A parent agent green-lights a child's work based on a tidy paragraph, and the actual diff is a mystery. That is the telephone game running at branch speed.

So make every child return a receipt block: the paths it touched, the commands it ran, and the tests that prove the regression guards still hold. Parents stop confidently approving diffs they cannot see. This is the team version of the single-diff discipline in how to clean up agent-written code, and it sits inside the broader AI coding governance cluster.

The receipt does not need to be long. Three short lists, paths plus commands plus tests, give the parent enough to either approve with confidence or send the child back. The point is that nothing gets summarized away on the path up the delegation stack.

Force a decision stub in the PR template

CI is green and a reviewer still asks "why this approach?" with no written answer anywhere. That is Chesterton's fence without a label: the reasoning existed at some point and then vanished. People optimize for the check passing, not for the next reader.

A decision stub puts three lines back in the PR template: constraints considered, rejected alternatives, and verification proof. Debate moves from vibes to explicit tradeoffs. One snapshot like the one below covers Cursor's agent, Claude Code, and the Codex CLI, because it names contracts instead of features.

---
description: Delegation boundary snapshot (adapt globs to your repo)
globs:
  - "**/*"
alwaysApply: false
---

- Cursor: keep scopes explicit in `.mdc`; forbid undeclared MCP domains.
- Claude Code: cite `CLAUDE.md` precedence before expanding bash scope.
- Codex: ensure `AGENTS.md` carries replay-friendly verification notes for CLI runs.

A workflow is real when these four answers come from files, not memory.

Gate Question
Replay proof Which commands prove the regression guards?
Receipt match Does the PR body list scopes plus a verification transcript?
Rules precedence Which .mdc, SKILL.md, or CLAUDE.md governed behavior?
Connector truth Which MCP servers fired, and were they expected?

And a quick checklist you can paste into a PR template today:

  • Primary-doc links smoke-checked after publishing edits.
  • MCP connectors (if any) list their owners.
  • Verification command output is pasted or linked.
  • Forked agent work lists parent plus child responsibilities.

If your repo cannot state its boundaries plainly, agents will guess, and guessing scales badly. When the conversation reaches security review, OWASP's LLM Top 10 and NIST's AI Risk Management Framework give you the risk vocabulary to argue with.

Common questions

  • What makes agentic team workflows reviewable?

    Receipts do. The PR body lists scopes and a verification transcript, and forked work names parent plus child responsibilities. Another connector is rarely the missing ingredient. The hidden tax of skipping receipts shows up later as merge-queue fatigue, where reviewers reconstruct intent from chat logs. Governance turns into velocity once surprises stop scaling.

  • How should a team split work between agents and humans?

    Agents do the relief work; humans own the blueprint. The split mirrors our methodology: tests prove behavior, and review proves the team can explain that behavior. Every diff has to carry enough receipts to survive the second gate. Without that, a green pipeline still leaves a reviewer guessing why an approach was chosen.

  • What is the fastest first guardrail for a team?

    The connector card. One short markdown card per MCP server names allowed actions, forbidden actions, the owner, and the rollback. Incidents shrink because operators know what "off" looks like and who may press it. It also stops the team from treating yet another connector as the thing standing between them and a working pipeline.

  • Why do bundled diffs break agent handoffs?

    A bundled diff arrives with refactors and quiet intent shifts a reviewer cannot pull apart. Shrink the scope and widen the transparency instead. A decision stub forces constraints considered, rejected alternatives, and verification proof into the PR, so the next reader sees the reasoning rather than reverse-engineering it from the diff.

Start with one receipt

Add the decision stub to your PR template this week and watch how fast the "why this approach?" questions stop. If you want all four receipts installed in your real repos in a day, our training does exactly that. Bring the merge queue you have, not the one you wish you had.

Related training topics

Related research

Ready to start?

Transform how your team builds software.

Book a 15-minute sync