Skip to content

Dogfood Workflow

dent8 should use dent8 as its durable project memory. Provider-native files such as AGENTS.md, CLAUDE.md, Cursor rules, or chat history can remind agents what to do, but they are not the source of truth for project facts.

Load the local bundle and inspect memory before relying on remembered setup:

Terminal window
set -a
. .dent8/env
. .dent8/identity-codex.env
set +a
.dent8/bin/dent8 facts list
.dent8/bin/dent8 explain repo:dent8 dogfood.setup
.dent8/bin/dent8 doctor --agent codex --dir .dent8

Use the source identity for the agent doing the work. MCP config is project-scoped — each agent points at this repo’s .dent8 store only when the session is in this project. Do not install the dogfood store into user-global agent config (~/.codex, ~/.cursor/mcp.json, ~/.grok/config.toml, Claude user settings, etc.); that would attach this belief base in every other workspace.

Agent Identity env Project MCP config Project hooks
Codex .dent8/identity-codex.env .codex/config.toml .codex/hooks.json
Claude Code .dent8/identity-claude-code.env .mcp.json .claude/settings.json
Cursor .dent8/identity-cursor.env .cursor/mcp.json .cursor/hooks.json
Grok Build .dent8/identity-grok-build.env .grok/config.toml .grok/hooks/dent8.json

MCP and hooks are project-scoped (gitignored except committed Claude settings when shared).

Grok Build does not share Claude Code’s project-root .mcp.json in this dogfood setup (that file is bound to source:claude-code). Install Grok’s MCP entry with dent8 agent add --agent grok-build --mcp-local-bin --mcp-config .dent8/mcp-grok-build.json, then wire the same env into project .grok/config.toml only. Doctor must pass that side file: dent8 doctor --agent grok-build --dir .dent8 --mcp-config .dent8/mcp-grok-build.json. See examples/grok-build/.

Run the full dogfood acceptance path when the setup itself changed:

Terminal window
./examples/dogfood/demo.sh

Use dent8 when a decision should survive chat/session context:

Terminal window
.dent8/bin/dent8 assert repo:dent8 product.next_arc "stable daemon/API contracts before desktop"
.dent8/bin/dent8 supersede repo:dent8 dogfood.setup "SQLite-backed .dent8 bundle with signed Codex/Claude/Cursor identities and witness coverage"
.dent8/bin/dent8 explain repo:dent8 dogfood.setup

Prefer supersede for changed facts rather than editing native-memory prose. Prefer specific predicates over paragraphs when possible:

  • repo.database
  • repo.test_command
  • dogfood.setup
  • dogfood.workflow
  • witness.posture
  • agent_setup
  • product.next_arc
  • release_status
  • user.preference

For temporary checks, use diagnostic:* subjects with an internal dent8.* predicate such as dent8.write_check. They remain auditable but are hidden from normal facts list output unless --include-diagnostics is passed.

After writes to the local dogfood store, sign a fresh local witness head when the private key is available:

Terminal window
export DENT8_WITNESS_GRANTS_LOG=.dent8/witness-grants.jsonl
DENT8_WITNESS_KEY=.dent8/witness.key .dent8/bin/dent8 witness sign
.dent8/bin/dent8 witness verify

The signing key is intentionally not in .dent8/env; pass it only for signing.

Agents can still bypass dent8 by writing native memory/rules files or raw storage directly. For this repo:

  1. use MCP/CLI writes for durable project facts;
  2. keep native-memory hook guards enforced where the agent supports them;
  3. run dent8 native scan --agent <profile> when native files changed;
  4. run ./examples/dogfood/demo.sh after setup changes, or at least dent8 doctor --agent <profile> --write-check for the agent you are using;
  5. use dent8 verify before trusting a long-running store.

The firewall only arbitrates writes that enter the dent8 boundary. The operational rule is simple: durable project memory goes through dent8 first.