First fact in two minutes
One binary, no services. dent8 init in any repo, assert through the
firewall, and read the receipt back with dent8 explain.
First fact in two minutes
One binary, no services. dent8 init in any repo, assert through the
firewall, and read the receipt back with dent8 explain.
The 30-second proof
dent8 eval runs a 47-case adversarial corpus against the real firewall and
against modeled Mem0/Zep semantics: five attack axes blocked vs zero.
Ask what-if
dent8 whatif re-folds the same log under a different trust policy —
deterministically, with a structural diff and zero model invocations.
Provenance all the way down
Authority-weighted arbitration, signed source identity, a hash chain, and an
optional off-host witness. dent8 replay shows exactly why a fact is believed.
cargo install dent8-cli --lockedpip install dent8 # thin SDK over the same binarycargo install dent8-cli --lockednpm install dent8 # thin SDK over the same binarycargo install dent8-cli --lockedPrebuilt archives for five targets on the releases page.
$ dent8 assert repo:myproj deploy_target production --authority high --source source:ownerACCEPTED repo:myproj deploy_target = "production" (authority=high) seq=0 hash=6b172441a866…
$ dent8 supersede repo:myproj deploy_target staging --authority low --source web:scrapeREJECTED: firewall rejected the write: insufficient authority: low may not override or remove an incumbent of high the incumbent recorded the survived challenge (fact.challenge_rejected)
$ dent8 whatif repo:myproj deploy_target --distrust source:owner policy: distrust source:owner now: "production" (Active, authority=high) under policy: (nothing believed)The rejection is recorded on the fact itself as a survived challenge, the audit trail is a
hash chain, and whatif answers counterfactuals without changing anything.
dent8 ui serves a local, read-only dashboard over the same firewall path as the CLI —
believed facts as cards, contested facts showing both rival values inline, and a full
integrity receipt behind each one.

| attack | firewall | recency-only (Zep) | mutate-in-place (Mem0) |
|---|---|---|---|
| low-authority memory injection (MINJA) | blocked | compromised | compromised |
| authority laundering | blocked | compromised | compromised |
| canonical contradiction | blocked | compromised | compromised |
| Sybil corroboration | blocked | compromised | compromised |
| poisoned-source retraction | blocked | compromised | compromised |
All three models admit legitimate revision; only the firewall refuses the attacks. Every
number is reproducible with dent8 eval, and the per-class tally is reported honestly —
including what is detect-only or out of model. Details in
Evaluation strategy.