Skip to content
The dent8 mark — a crenellated octagon holding one fact.

dent8

Every write to agent memory is arbitrated against what is already believed — a low-authority source can't overwrite a trusted fact, a retracted source taints its derivatives, and every belief is replayable.

First fact in two minutes

One binary, no services. dent8 init in any repo, assert through the firewall, and read the receipt back with dent8 explain.

The 30-second proof

dent8 eval runs a 47-case adversarial corpus against the real firewall and against modeled Mem0/Zep semantics: five attack axes blocked vs zero.

Ask what-if

dent8 whatif re-folds the same log under a different trust policy — deterministically, with a structural diff and zero model invocations.

Provenance all the way down

Authority-weighted arbitration, signed source identity, a hash chain, and an optional off-host witness. dent8 replay shows exactly why a fact is believed.

Terminal window
cargo install dent8-cli --locked
Terminal window
$ dent8 assert repo:myproj deploy_target production --authority high --source source:owner
ACCEPTED repo:myproj deploy_target = "production" (authority=high)
seq=0 hash=6b172441a866…
$ dent8 supersede repo:myproj deploy_target staging --authority low --source web:scrape
REJECTED: firewall rejected the write: insufficient authority: low may not
override or remove an incumbent of high
the incumbent recorded the survived challenge (fact.challenge_rejected)
$ dent8 whatif repo:myproj deploy_target --distrust source:owner
policy: distrust source:owner
now: "production" (Active, authority=high)
under policy: (nothing believed)

The rejection is recorded on the fact itself as a survived challenge, the audit trail is a hash chain, and whatif answers counterfactuals without changing anything.

dent8 ui serves a local, read-only dashboard over the same firewall path as the CLI — believed facts as cards, contested facts showing both rival values inline, and a full integrity receipt behind each one.

The dent8 ui Memory view — believed facts shown as cards; the contested cache fact shows both rival values inline.
attack firewall recency-only (Zep) mutate-in-place (Mem0)
low-authority memory injection (MINJA) blocked compromised compromised
authority laundering blocked compromised compromised
canonical contradiction blocked compromised compromised
Sybil corroboration blocked compromised compromised
poisoned-source retraction blocked compromised compromised

All three models admit legitimate revision; only the firewall refuses the attacks. Every number is reproducible with dent8 eval, and the per-class tally is reported honestly — including what is detect-only or out of model. Details in Evaluation strategy.