TIMMY: Open-Source Local Receipt and Replay Layer for AI Agents

Overview

TIMMY is an open-source, local-first tool designed to create verifiable receipts and replay layers for AI agent work. As AI agents gain the ability to edit files, run commands, call models, and modify infrastructure, TIMMY acts as a flight recorder to ensure transparency, security, and auditability. It generates local, tamper-evident receipts that document exactly what happened, when it happened, and what artifacts were produced.

Benefits

TIMMY provides several key advantages for developers and security-conscious users. It offers verifiable execution by registering every step, tool-use outcome, and generated artifact into a local manifest. This ensures that no action goes unnoticed. The tool also provides tamper evidence by sealing receipts with deterministic SHA-256 hashes. If any file or log is altered, the validation seal breaks immediately, alerting the user to potential tampering. TIMMY prioritizes local-first privacy by not calling home, tracking developer behavior, or collecting analytics. All data remains strictly local on the user's machine. It also supports OpenRouter integration for real-time streaming conversations and converts Model Context Protocol tool calls into local, inspectable bash scripts. The tool includes workspace isolation features and a browser companion for live state mirroring.

Use Cases

TIMMY is useful for developers who want to audit AI agent actions. It can be used to generate a verifiable local receipt file for any task performed by an AI agent. For example, a developer can record a task proof stub to create a proof run folder containing a manifest, receipt, and replay document. It is also useful for generating agent proofs to validate workspace integrity. The tool can scan MCP servers to generate local evidence bundles before granting file system permissions. Developers can use the browser companion to mirror the local state in real time. It is ideal for environments where security and transparency are critical, such as automated deployment pipelines or sensitive data processing workflows.

Pricing

TIMMY is an open-source tool available on GitHub. There is no mention of a specific subscription or licensing fee in the provided information. Users can clone the repository and run it locally without cost.

Vibes

The tool is designed with a strong emphasis on trust and security. The documentation highlights features like zero telemetry and local authorities to assure users that their data remains private. The inclusion of provenanced releases and trusted publishing provenance adds to the credibility of the tool. The demo flow illustrates a clear trust loop from main chat to sealed receipt, showing how the tool ensures accountability at every step.

Additional Information

TIMMY is published directly from GitHub Actions with npm trusted publishing provenance. It welcomes early open-source contributors and provides guidelines for contribution. The tool is currently in version 0.1.0 and is actively being developed. It is designed to provide developers with full visibility and control over AI agent interactions.