Agent Adapters
dent8 should meet agents where they already keep durable context, but it should not become a provider-specific memory provider. The invariant is simple:
Native memory/rules files are projection and integration surfaces. The source of truth is still the dent8 fact-event log.
Bypass boundary
Section titled “Bypass boundary”dent8 prevents silent corruption on write paths it controls: CLI, MCP, daemon, and store
adapters that call EventStore::append. It does not sandbox a same-user agent. If an agent can
write provider-native memory/rules files directly, mutate the dev file log, or use raw database
write credentials, it can bypass dent8’s policy layer.
For local dogfood this is acceptable only with guardrails: install the native-memory hook guard
for every agent profile that supports hooks, keep provider-native memory files as generated or
reviewed surfaces rather than truth, run dent8 doctor --agent <profile> --write-check, and use
dent8 verify plus witness heads to detect raw-store tampering. For shared or production use,
make a dent8 daemon/service the only writer and give agents no raw INSERT/UPDATE/DELETE
access to the event tables.
Adapter layers
Section titled “Adapter layers”- MCP write path, built. Agents call
dent8 mcp serveand write candidate facts through the same firewall as the CLI. - Hook guard profiles, runnable helper + example profiles. Hooks call
dent8 hook native-memory-guardto rundent8 verifyand block direct native memory/rules writes that would bypass dent8. Provider profiles live inexamples/agent-hooks/. - Native scan/reconcile, built.
dent8 native scan --agent <profile>inventories provider-native memory/rules files, hashes them, reports dent8 receipt markers, and includes the selected profile’s guard posture.dent8 native reconcile --agent <profile>verifies explicitdent8://<kind>/<key>/<predicate>references against current dent8 receipts and flags stale, contested, no-longer-believed, missing, or malformed references. The same diagnostics/audits are exposed to agents over MCP as read-onlyruntime_status,native_scan, andnative_reconcile;doctor --agentruns the read-only scan. This is audit, not import. - Signed source identity, default build. Use
dent8 init --agent <profile>ordent8 init --identity --source <source>to give each agent a distinct source key and issuer-signed grant (DENT8_GRANT+DENT8_IDENTITY_KEY). Several agents can use the same globally installeddent8binary and the same backend store, but stdio MCP clients typically launch one subprocess per client/profile. Run onedent8 mcp serveprocess per agent identity when per-agent provenance matters. The local daemon supports session-challenge writes, anddent8 mcp proxylets stdio-only MCP clients use that daemon, but each daemon process still proves the single source identity whose key it holds; usedent8 mcp install --agent <profile> --use-daemon(or--daemon-socket PATH) to patch a known agent config to proxy mode, and use separate daemon instances for distinct local source identities. Future remote HTTP transport should authenticate the source per request without requiring the service to hold user source keys. - Native import, built.
dent8 import <file>reads durable facts fromCLAUDE.md, ClaudeMEMORY.md,GEMINI.md,.cursor/rules,.devin/rules,.windsurf/rules, andAGENTS.mdwith deterministic, documented rules (dent8 managed block, inlinedent8://receipt markers, and fenceddent8proposal blocks) and routes every recovered proposal through the same firewall funnel asdent8 capture— authority, policy, and the content check all apply, and free prose is skipped, never invented. See native-memory.md. - Native export, built.
dent8 export --target <file>generates provider-native Markdown/rules files from dent8 receipts: it splices a receipt-bearing managed block (each line carrying adent8://reference plus the believed event’s id and hash) into the target file idempotently, preserving human prose outside the block, and writes the file from the CLI process — the channel the write-time guard does not intercept. See native-memory.md. - Native rewrite/reconcile loop, design-only. Go beyond explicit receipt references: compare native prose with dent8 projections, propose import candidates, and regenerate receipt-bearing provider-native files.
Provider stance
Section titled “Provider stance”| Provider | v0 integration (prefer project MCP config) | Hook stance |
|---|---|---|
| Codex | MCP through project .codex/config.toml; AGENTS.md for durable repo guidance |
Good fit: session, pre-tool, post-tool, stop hooks |
| Claude Code | MCP through project .mcp.json; CLAUDE.md and auto memory are native surfaces |
Good fit: session/tool/stop hooks |
| Gemini CLI | MCP plus GEMINI.md//memory; Auto Memory has review semantics |
Good fit: session, before/after tool, session end hooks |
| Cursor | MCP through project .cursor/mcp.json; .cursor/rules and AGENTS.md as native surfaces |
Project .cursor/hooks.json (preToolUse guard + stop capture); schema is Cursor 1.7+ |
| Devin/Cascade | MCP plus .devin/rules/.windsurf/rules and auto memories |
Good fit: pre/post write hooks |
| Grok Build | MCP via project .grok/config.toml (or .mcp.json when not shared with Claude) |
Project .grok/hooks/dent8.json (Claude-compatible events); folder must be trusted |
| Hecate | MCP server in task config; supervised external agents | Use Hecate to distribute MCP and child-agent hook policy |
v0 rule
Section titled “v0 rule”A generated native file can make a stale fact look authoritative to the agent, so exports must
be receipt-bearing and auditable — which dent8 export --target is: it only emits currently
believed facts, each carrying a dent8:// reference plus its event id and hash, and never
writes a redacted value. Regenerate the managed block rather than hand-editing it; the
PreToolUse guard blocks direct edits so dent8 export stays the source of truth.
The first production-worthy adapter flow is:
agent -> dent8 MCP assert/supersede/retract -> fact-event lognative memory/rules hook -> guard blocks direct edits and runs verifyoperator -> review explain/replay/conflictsdent8 import -> pull durable facts out of an existing/stale native file (through the firewall)dent8 export --target -> regenerate native rules with receiptsnative reconcile -> verify generated receipt references stay current