~GIX Loading...
Back to Insights
June 15, 2026AI InfrastructureRob Murtha

Meet Agents Where They Are: A Design Pattern

Stop forcing one runtime on every agent. Meet agents where they are with shared workspaces, canonical artifacts, and append-only ledgers that humans can watch in real time.

Most teams building with agents in 2026 make the same quiet mistake. They pick a runtime, then assume everyone else will pick the same one. The platform team standardizes on a local harness with twelve tools wired in. The analyst across the hall is doing real work in a ChatGPT browser tab. The customer two contracts over has a homegrown LangGraph thing held together with cron jobs and hope.

Then someone tries to make these agents collaborate, and the whole thing falls apart.

The models are fine. What breaks is an assumption hiding underneath the whole setup: that collaboration requires a shared runtime. It does not. The agentic design pattern that actually scales is to meet agents where they are. Let every operator bring their own harness, and have them collaborate through a shared workspace rather than a shared process.

This post is about that pattern. What it is, why append-only ledgers and canonical artifacts make it work, how authorization holds it together, and how we run it in production with Workplay, our AI-native growth platform at Adjective.

The runtime is the wrong unit of standardization

Here is the instinct worth killing first. When two agents need to work together, the obvious move is to put them in the same box: same framework, same orchestration layer, same tool registry. One runtime to rule them all.

It feels clean. It is a trap.

The moment you standardize on a runtime, you have told every collaborator that participation requires a migration. The analyst in the browser tab has to learn your harness. The customer with the LangGraph setup has to rip it out. The solo operator who just wants to ask a question from their phone is now locked out entirely. You have not built a collaboration layer. You have built a gate, and most of the people who could add value are standing on the wrong side of it.

The runtimes are also moving too fast to bet on. The harness that is best-in-class this quarter will be second-rate by the next. If your collaboration model is welded to a specific orchestration framework, every framework churn is a collaboration outage.

Meeting agents where they are means treating the runtime as a personal choice and the workspace as the shared contract. A sophisticated local harness and a simple browser window are equally valid clients. What they share is the workspace they read from and write to. How each one thinks internally is its own business.

Canonical artifacts hold the shared state

If the runtime is a personal choice, something else has to carry the shared state. That something is the artifact.

A canonical artifact is a single authoritative object that represents the real state of the work, addressable by a stable identifier, that any authorized agent or human can read and modify. It is the opportunity record. The project plan. The product spec. The contact. It lives above any single transcript, Slack thread, or agent context window. It is the thing that is actually true right now, and everyone points at the same copy.

This matters because agents, left to themselves, hoard state in their context. Agent A believes the deal is in negotiation. Agent B, working from a stale summary, still thinks it is in discovery. Both are confidently wrong in different directions, and neither knows the other exists. Multiply that across a fleet and you get a room full of people talking past each other with perfect grammar.

Canonical artifacts collapse that ambiguity:

  1. One source of truth. The opportunity lives in one place. Its stage is whatever the artifact says, and agent memory does not get a vote.
  2. Stable addressing. Every artifact has an ID. An agent can reference it across sessions, hand it off, or come back to it tomorrow and find the same object.
  3. Structured fields. The artifact carries a stage, an amount, a close date, each in its own slot. Agents read structure far more reliably than they parse narrative, and humans can scan it at a glance.
  4. Shared by reference. Everyone resolves the same record, so a correction reaches all of them at once and nobody drifts off on a private snapshot.

We wrote about why agents need structured ground truth in Intelligence Primitives: The Ground Truth Agents Need. Canonical artifacts are that idea applied to live operational work instead of a knowledge corpus. The artifact is the molecule. The workspace is where it lives.

The append-only ledger is how agents coordinate without colliding

Canonical artifacts solve shared state. They do not, by themselves, solve coordination. Two agents editing the same opportunity at the same time can still clobber each other's work, and worse, they can do it silently.

The fix is an old idea from accounting and distributed systems, and it is the second pillar of this pattern: the append-only message ledger.

An append-only ledger is a running stream of notes attached to an artifact, where every entry is added and nothing is ever overwritten or deleted. When an agent changes something, it appends a note explaining what it did and why. When it disagrees with a prior decision, it appends a correction that references the original and leaves the old note sitting right there. The history is immutable. The current state is the artifact plus the full, ordered record of how it got there.

It sounds like bookkeeping, and underneath it is the coordination protocol. It does four things at once:

  • It prevents silent overwrites. Mistakes get corrected with a new entry that points at the old one, never by erasing history. You can always reconstruct what each participant believed and when.
  • It makes intent legible. A bare field flip from "discovery" to "negotiation" leaves you guessing why. A note that reads "moved to negotiation, prospect verbally committed budget on today's call" hands you the whole story. Agents leave their reasoning in the ledger, so the next reader inherits context for free.
  • It enables handoffs. An agent can append a handoff entry that explicitly passes work to a human or another agent. The receiving party reads the ledger, picks up exactly where things stood, and continues. No standup required.
  • It gives you a replayable audit trail. Every decision, every correction, every handoff is timestamped and attributed. When something goes wrong, you do not guess. You read the tape.

In Workplay, this is not a metaphor. Notes are the shared stream, pinnable to any object, and the protocol is explicit: before you change a shared artifact, read the notes to see what has already been said. When you change it, leave a note with kind='rationale' explaining why. To pass work along, use kind='handoff'. To fix a mistake, append kind='correction' referencing the original, never overwrite. The ledger is append-only by design, because append-only is what makes a multi-agent workspace safe to share.

Human-observable by default

Here is the part that separates a real agentic workspace from a demo. The state has to be observable by humans in the same representation the agents use, in real time, without a translation step.

A lot of agent systems are observable only in theory. The state lives in a vector store, or in some orchestration framework's internal memory, or scattered across log lines that require an engineer and a grep to reassemble. By the time a human can see what happened, the agents have moved on three times.

When your shared state is a canonical artifact plus an append-only ledger, observability is free. The artifact is the dashboard. The ledger is the activity feed. A human opens the opportunity and sees the current stage, the amount, the close date, and underneath it the full stream of notes: what each agent did, why, what it handed off, what it corrected. No separate logging pipeline. No reconstruction. The thing the agents coordinate through is the same thing the human reads.

This is what makes iteration possible. A shared cross-agent workspace is a space where humans and agents read and write the same artifacts and the same ledger, so that watching, correcting, and steering are all the same gesture. The human works as a peer right inside the workspace. They append a note. They nudge an artifact. They drop a kind='handoff' and an agent picks it up. The agent leaves a kind='rationale' and the human sees the thinking. Iteration stops being a meeting and becomes a continuous, legible conversation around shared objects.

A workspace like this is one you can watch, question, and redirect mid-flight, which is the only kind worth running when real money or real customers are on the line. Blind trust in automation you cannot see is a much worse place to be.

Authorization is the seam that makes sharing safe

A shared workspace that everyone can read and write sounds great right up until you remember that "everyone" includes agents you did not build, operated by customers on contracts that grant them access to some things and not others. Open the door too wide and the pattern becomes a liability.

So the last pillar is access control, and the right granularity is per participant: every agent and every human gets its own key, scoped to exactly the spaces its contract or role permits, connecting through an MCP server that enforces those boundaries on every call.

The Model Context Protocol is the connective tissue here. It is the open standard (modelcontextprotocol.io) that lets any compliant client, a local harness or a hosted assistant alike, discover and call the same set of tools over the same authorized surface. That is what lets a browser chat and a bespoke harness be equal citizens of one workspace. They speak the same protocol to the same server, and the server checks the key on every request.

The design principles that keep this safe at scale:

  1. One key per participant, never a shared credential. Each agent and user authenticates as itself. Attribution in the ledger is only meaningful if identities are distinct, and revocation only works if you can cut off one participant without breaking the rest.
  2. Scope to the contract. A customer's agent gets access to the pipeline, project, or product surface their agreement covers, and nothing past it. The same workspace can host many tenants because each key defines its own blast radius, drawn at the contract line.
  3. Enforce server-side on every call. Authorization gets checked at the tool boundary on every request, with the client never allowed to assert its own permissions. A misbehaving or compromised agent stays boxed inside its scope no matter what it tries, because the server is the one saying no.
  4. Every action is attributed. Because each participant carries its own key, every artifact change and every ledger entry is signed by a specific identity. The audit trail is real, signed work you can stand behind.

This is the model we have argued for in Evidence-Sealed Authorization: access is a live property, checked and recorded every time an action happens. Per-agent keys plus server-side enforcement plus an append-only ledger give you exactly that. Authorization and observability turn out to be the same system viewed from two angles.

How this runs in production: Workplay

We did not arrive at this pattern from a whiteboard. We built it because we needed it.

Workplay is our AI-native growth platform. Under the hood it is a CRM whose hub is Interactions, with Contacts, Organizations, Opportunities, and Tasks as the spokes, and Notes as the shared stream that humans and agents coordinate through. Every one of those is a canonical artifact with a stable ID. Every one carries an append-only note ledger. And the whole thing is exposed over an MCP server, so the runtime an operator chooses is entirely up to them.

That is the pattern, made concrete:

  • Bring your own harness. A Workplay user can drive the platform from a sophisticated local agent with the full toolset wired in, or from a plain browser chat with the MCP connected, or by hand through the UI. Same artifacts, same ledger, same rules. Nobody is forced to migrate to participate.
  • Operate over canonical artifacts. When an agent captures a deal from an email thread, it does not invent a new record. It resolves the contact by email and the organization by domain first, links to the existing artifact if one matches, and only creates when nothing fits. The artifact stays canonical instead of fragmenting into duplicates.
  • Coordinate through the append-only ledger. Before touching a shared opportunity, an agent reads the notes. When it moves a stage, it leaves a kind='rationale'. When it hands work to a human, kind='handoff'. When it corrects an earlier mistake, kind='correction' referencing the original. Re-reading the same email twice does not double-log, because a stable source id rides along as the dedupe key. The ledger stays clean and trustworthy.
  • Stay human-observable. A human opens the opportunity brief and sees the live artifact plus the full coordination stream. They can watch a fleet of agents work the pipeline and step in with a note the instant something looks off. Steering is just another entry in the same ledger the agents read.
  • Authorized per agent, per contract. This is the part our customers care about most. They can review the platform, then hook their own agents into the pipeline, project, and product surface their contract covers, each agent carrying its own scoped key. Their agents become first-class participants in a shared workspace without ever reaching past the boundary their agreement defines.

The result is something most "AI CRM" pitches cannot deliver: a workspace where our agents, our customers' agents, and the humans on both sides all operate over the same source of truth, leave a legible trail, and never trip over each other. They pull it off by sharing an artifact and a ledger, and respecting a key. No shared brain required.

The pattern, in one place

Strip away the product and the pattern is portable to anything you are building with agents:

  1. Treat the runtime as a personal choice. Let every operator bring their own harness, from a heavy local setup to a browser tab. Standardize the workspace, not the process.
  2. Make canonical artifacts the shared state. One authoritative, structured, stably-addressed object per real thing. Everyone reads and writes the same copy, by reference.
  3. Coordinate through an append-only ledger. Append rationale, handoffs, and corrections. Never overwrite. The history is immutable and the intent is legible.
  4. Keep it human-observable in the same representation. The artifact is the dashboard and the ledger is the feed. Watching, correcting, and steering are one gesture.
  5. Authorize per participant over MCP. One scoped key per agent and human, enforced server-side, attributed on every action.

Agents are not going to converge on a single runtime, and you should stop waiting for them to. The teams that win the next phase are the ones who build workspaces good enough that any agent, however simple or sophisticated, can walk in and do real work alongside a human who never loses sight of what is happening. The cleverness of any single harness barely matters next to that.

Meet agents where they are. Build the shared space, and let the runtimes be whatever they want to be. If you want to see it running, come look at Workplay and hook your own agents up to it.