Skip to content

Related Work and Competitive Landscape

dent8 occupies the intersection of two literatures: a crowded, fast-moving market of LLM-agent memory systems, and a set of mature data-infrastructure and formal-reasoning traditions that the agent-memory market has largely failed to absorb. This document maps both, then states plainly where dent8 is differentiated and where it is not. It is the prior-art basis for the paper outline and should be read alongside belief-revision.md and threat-model.md.

Lineage (so the overlap below is not misread). dent8’s primitives descend from mature, public traditions that predate and are independent of any current agent-memory product: event sourcing / CQRS, bitemporal databases (SQL:2011), belief revision (AGM / Hansson), the W3C PROV provenance model, and tamper-evident transparency logs (RFC 6962). Where dent8 overlaps a contemporary system such as Zep/Graphiti, that is convergent evolution on shared foundations, not derivation — both draw on the same decades-old sources. We cite Zep as prior art precisely because honest attribution is the point; the overlap is acknowledged, not borrowed, and no Zep-specific mechanism is presented here as dent8’s own.

Contemporary agent-memory systems split into mutate-in-place stores and temporal/graph stores. The integrity properties dent8 treats as first-class — provenance, contradiction handling, temporal validity, supersession, auditability, deterministic replay — are unevenly supported, and in most systems absent.

Mem0 is the clearest contrast to dent8’s event-sourced stance. Its base (non-graph) store is mutate-in-place: an LLM tool-call selects ADD/UPDATE/DELETE/NOOP over semantically similar memories, with no append-only log, no provenance, no confidence, no TTL, and no supersession history; a DELETE destroys the original record [1]. The graph variant Mem0g softens this by marking obsolete relationships invalid rather than physically deleting them [1] — a partial supersession analog, but an attribute flip on a node, not a typed, replayable event.

Zep / Graphiti is dent8’s strongest overlap and the most important honesty check. Zep is “a memory layer service powered by Graphiti, a dynamic, temporally-aware knowledge graph engine” [2]; the engine-level behaviors below are Graphiti’s. It already ships much of dent8’s headline list: per-edge valid-time (t_valid/t_invalid) vs system/transaction-time (t′created/t′expired), contradiction handling via edge invalidation (not deletion — the older edge’s t_invalid is set to the invalidating edge’s t_valid), supersession in place of deletion, and a non-lossy episode store providing provenance from extracted facts back to source messages [2]. dent8 cannot fact provenance, temporal validity, supersession, or contradiction edges as unique. What Graphiti does not do: it resolves contradictions purely by recency — it “consistently prioritizes new information when determining edge invalidation” [2], arbitrated by neither source authority nor confidence (a last-write-wins semantics, in our terms); it has no explicit confidence/authority weighting, no event-sourced log as the source of truth, no deterministic replay, and no cryptographic hash-chain. The stores are also architecturally different: Graphiti is graph-database-native (Neo4j, FalkorDB, or Amazon Neptune) with a hybrid semantic+keyword+graph retrieval layer, optimized for retrieval quality [2a]; dent8 is relational and event-sourced (Postgres), optimized for transactional append+projection atomicity, append-only auditability, and deterministic replay. The two solve different jobs — dent8 does not compete on retrieval and can sit beneath or beside a graph store.

Letta / MemGPT is an OS-style tiered-context manager (core/archival/recall memory edited by the agent itself) — orchestration of the context window, not auditable fact integrity; no provenance, contradiction edges, supersession history, or replay as first-class features [3]. It is complementary: dent8 could sit beneath it as the audited store of record. A-MEM models memory as an evolving Zettelkasten note graph whose “memory evolution” retroactively rewrites the attributes of historical notes when new memories arrive [4] — closer to Mem0’s mutate model than to an append-only log. Cognee adds a typed knowledge graph with optional temporal extraction [5], richer structure than vector stores but oriented to modeling event sequence in content, not integrity-as-substrate. The official MCP “memory” server is a minimal subject/relation/observation knowledge graph with no integrity semantics whatsoever [6]; dent8 could ship an MCP server whose differentiator is exactly these guarantees. CoALA is a conceptual taxonomy (working/episodic/semantic/procedural memory), useful vocabulary for positioning, not prior art that implements integrity [7].

Feature matrix (✓ first-class · ◐ partial/heuristic · ✗ absent)

Section titled “Feature matrix (✓ first-class · ◐ partial/heuristic · ✗ absent)”
System Provenance Contradiction edges Temporal validity Supersession Audit log Det. replay Authority/confidence
Mem0 (base)
Mem0g (graph) ◐ (mark-invalid)
Zep / Graphiti ✓ (episodic) ✓ (bi-temporal, runs) ✗ (recency-only)
Letta / MemGPT ◐ (DB state)
A-MEM ✗ (rewrites)
Cognee
MCP memory
dent8 ✓ (mandatory) ✓ (typed event) ◐ (closed valid_from/valid_to interval + TTL — ADR 0016; freshness applied on reads, an elapsed valid_to treated like an elapsed TTL and expires_at() = earliest of TTL and valid_to; explain flags stale, receipt carries fresh/expires_at; time-travel via --as-of/--valid-at) ✓ (lineage-preserving) ✓ (append-only) ✓ (fold) ✓ (authority-weighted, core fold)

Two cells deserve blunt honesty:

  • Temporal validity. dent8 now has observed_at + valid_from + valid_to (ADR 0016) and applies freshness on readsFactState::is_fresh_at drives the fresh flag and explain’s freshness annotation, bounding the full window [valid_from, expires_at) (a future valid_from reads [not yet valid], an elapsed valid_to/TTL reads [stale — no longer valid]), with expires_at() taking the earliest of the TTL bound and the asserted valid_to; --as-of/--valid-at add time-travel reads. The closed valid_from/valid_to interval is the analog of Zep’s t_valid/t_invalid; what still differs is mechanism — Zep runs graph edge-invalidation, whereas dent8’s valid_to bounds read-time freshness rather than driving an invalidation pass. Marked ◐ for that reason, not for a missing interval.
  • Authority/confidence. The typed fields exist (AuthorityLevel, Confidence), and arbitration is implemented in the dent8-core fold: apply_event rejects a strictly-lower-authority supersession and hard-alarms a canonical contradiction — the mechanism that distinguishes dent8 from Graphiti’s recency-only resolution. Marked ✓ for the core fold; transactional enforcement at the store layer is built and DB-verified (the Postgres adapter — advisory-lock-serialized append + materialization).

dent8’s differentiating mechanisms — serde serialization, event hashing and the hash-chain, the Postgres adapter, the replay/explain runtime, and authority arbitration — are built, and the adapter is DB-verified (see STATUS.md). The adversarial dent8-evals corpus exists (the firewall blocks attacks a recency-only baseline accepts), now including the evidence-edge retraction taint scenario (poisoned_source_retraction, ADR 0010) — the dependency-cascade differentiator recency-only memory cannot represent. What remains is seeding the golden/replay fixture families — see roadmap.md.

dent8’s primitives are not invented; they recombine four mature traditions — a strength (the design is principled) that also bounds its novelty.

Event sourcing / CQRS and bitemporal data. Treating stored events as an immutable append-only contract — never mutated in place, evolved only by adding versions and upcasting old events on read — is standard event-sourcing practice. An empirical study of 19 industrial event-sourced systems found schema evolution to be the dominant pain point (≈15/19 struggled) with no tooling consensus [8]. This is why dent8’s hash leaf mixes a canonicalization version from day one. ADR 0004 decides the v1 shape: schema_version is the out-of-band CANON_VERSION constant for now, and a future v2 must add a per-event version plus an upcasting path without rehashing existing v1 events. dent8’s time fields — transaction-time recorded_at plus valid-time observed_at/valid_from/valid_to — are an instance of bitemporal modeling (valid vs transaction time, standardized in SQL:2011), but PostgreSQL does not implement SQL:2011 temporal tables natively, so freshness and “replay as-of T” must be enforced in the replay_fact fold, not delegated to the database [9].

Provenance. W3C PROV-DM provides a standard vocabulary (Subject/Activity/Agent plus wasGeneratedBy/wasAttributedTo/wasDerivedFrom/wasInvalidatedBy) onto which dent8’s provenance, authority, evidence, and edge model map cleanly, enabling an interoperable analytical export [10]. Honest caveat: PROV models trust only structurally and has no confidence metric, so dent8’s confidence is an extension, not standard PROV [10].

Tamper-evident logs. dent8 has previous_event_hash/event_hash columns and now a built+tested canonicalization + SHA-256 hash chain in dent8-core (sorted-key serde_json form — not RFC 8785/JCS; injective length-framed leaf; 0x00 domain separation). The Postgres append path populates and re-verifies those columns; the file and SQLite paths use the same event hashing semantics without a columnar schema. RFC 8785 (JSON Canonicalization Scheme) was the original plan but is not what shipped (see ADR 0004); note it is an Informational RFC (Independent Submission stream), it sorts property names by UTF-16 code units, and it constrains numbers to IEEE-754 doubles and errors on NaN/Infinity — once a hazard for arbitrary numeric content inside FactValue::Json, now mitigated since CanonicalJson parses with serde_json (which itself rejects NaN/Infinity); it never affected confidence/timestamps (already integers) [11]. Beyond a linear chain, RFC 6962 (Certificate Transparency) shows how domain-separated leaf/node hashing (0x00/0x01 prefixes) enables O(log n) inclusion/consistency proofs — but the prefix rule must be fixed from day one [12].

Belief revision and knowledge editing. dent8’s contradiction/supersession/ retraction semantics independently reinvent decades-old ideas. The better-matched theory is not classical AGM (logically-closed sets) but Hansson’s belief-base revision over non-closed syntactic sets, where Recovery fails — exactly correct for dent8 [13]. Paraconsistent logic supplies the rigorous justification for “hidden contradiction is failure, but a visible contradiction must not blow up the store”: the inconsistency-vs-triviality distinction [14]. See belief-revision.md. Separately, 2024 work argues LLM model editing is belief revision with “shaky” foundations and poor cross-belief consistency [15] — the academic case that beliefs belong in an external, auditable, revisable store rather than baked into weights, which is dent8’s core bet.

Memory/RAG poisoning. The threat literature validates dent8’s premise. PoisonedRAG corrupts retrieval with ~5 injected texts (~90%+ attack success) [16], and MINJA shows a privilege-less regular user can poison an agent’s long-term memory via query-only interaction (>95% injection success), persisting across sessions [17] — the most direct analog to dent8’s append-time controls. See threat-model.md.

The 2026 agent-memory-integrity wave. The design space is not just contested by Zep — a cluster of 2026 work targets exactly dent8’s concerns and further bounds its novelty: TOKI types contradiction-resolution as a bitemporal operator algebra with soundness theorems and audits Mem0/Zep/Letta/Graphiti against it [19]; MemLineage adds cryptographic provenance + derivation-lineage over an RFC 6962 Merkle log, explicitly noting “prevention is not recovery” [20]; Adaptive Memory Admission Control gates writes by factual confidence and four other factors [21]; and poisoning attack/defense work formalizes trust-scored moderation and sanitization [22]. The implication for dent8 is sharpening, not discouraging: single primitives (typed contradiction operators, Merkle provenance, confidence-gated admission) are now individually published, so dent8’s only defensible territory is the specific composition — typed authority-weighted supersession as the gate, and that gate as a deterministic, replayable, hash-pinnable fold over one append-only log. See research/novelty.md for the vetted (and largely killed) candidate directions.

Where dent8 is — and is not — differentiated

Section titled “Where dent8 is — and is not — differentiated”

Honestly stated: dent8 is not differentiated on any individual primitive. Bi-temporal validity, supersession-not-deletion, contradiction edges, and episodic provenance are all shipped by Zep/Graphiti today [2]; mark-invalid supersession appears even in Mem0g [1]; provenance and bitemporality are textbook PROV and SQL:2011 [9][10]; deterministic replay is standard event sourcing [8]; hash-chained tamper-evidence is textbook transparency-log machinery [12]. Belief-base framing is good vocabulary, not a novel mechanism — bitemporal DBs (XTDB/Datomic) already provide “history matters, retract doesn’t resurrect” without naming Hansson.

dent8’s defensible wedge is narrower and should be stated precisely: the combination treated as substrate rather than feature — an append-only FactEvent log as the single typed, hash-verified source of truth, deterministic replay (projection == fold(events)), and, above all, typed authority-weighted supersession (a regular-user write must not override a high-authority fact — a direct mitigation for MINJA-style poisoning that Graphiti’s recency-only arbitration cannot offer). The honest caveat has moved from “not built” to “not yet hardened as an operated product”: the headline differentiator is now enforced at the write boundary, runnable through the CLI/MCP surfaces, backed by file, SQLite, and DB-verified Postgres stores, and exercised by replay/eval fixtures. What remains is production hardening — operated witness deployment, source-key operations, heavier concurrency polish, fuzzing/model checking, and richer debugger surfaces. The closest contemporary system (Zep) — itself convergent on the same shared foundations — still occupies most of the conceptual ground. The correct positioning is “the governed, replayable store of record beneath Mem0/Letta/MCP,” benchmarked on replay determinism, poisoning resistance, and auditability — not on retrieval F1, where dent8 does not compete.