Releases: xyzzylabs/dent8
Release list
dent8 v0.8.0
What's Changed
- Serialize the default file store through the firewall and tolerate corrupt lines by @chicoxyzzy in #22
- Install and enforce the native-memory guard by default on dent8 init by @chicoxyzzy in #23
- Require a signed identity for authority above the agent tier by @chicoxyzzy in #24
- chore(release): prepare v0.8.0 by @chicoxyzzy in #25
Full Changelog: v0.7.3...v0.8.0
dent8 v0.7.3
What's Changed
- docs: dent8 ui Memory view screenshot in README + website by @chicoxyzzy in #20
- docs: light-mode variant of the dent8 ui Memory screenshot by @chicoxyzzy in #21
Full Changelog: v0.7.2...v0.7.3
dent8 v0.7.2
Install: cargo install dent8-cli --locked · pip install dent8 · npm install dent8 · prebuilt archives below. Docs: https://xyzzylabs.github.io/dent8/
The headline: dent8 ui — the stock binary now serves its own local, read-only memory dashboard (Memory / What-if / Health), read-only by construction.
Added
-
dent8 ui— a local, human-first memory dashboard (the first deliverable of
ADR 0020, unfrozen): one command
opens a dashboard in your browser, served straight from the stock binary, designed
around the belief base rather than the plumbing. Four views:- Memory (the landing): a headline verdict (everything verified / N contested /
N stale / integrity failed), stat tiles, and the believed facts as cards — the
value shown large, a freshness color-bar down the side, authority + freshness badges,
contested facts showing both rival values inline. Click any card for a slide-in drawer
with the full integrity receipt (authority, hash, chain, corroboration, survived
challenges, validity window) and the complete replay timeline. - Activity: every event across the log, newest first (rejected supersessions appear
as thefact.challenge_rejectedevents recorded on their incumbents). - What-if: re-fold the log under a different trust policy and see now-vs-under-policy
with per-fact diffs — deterministic, no model calls. - Health: a status-page rollup — a healthy/attention banner, integrity/witness/doctor
status cards, and collapsible detail (doctor checks, witness coverage + TAMPER/ROLLBACK,
native scan/reconcile per agent profile, and the raw runtime env under system details).
Plus a light/dark toggle, deep-linkable tabs (
#healthetc.), and a click-to-pause live
poll. Read-only by construction — every endpoint is a GET over the sameop_*/snapshot
code the CLI and MCP use, so no separate write path exists (the ADR's hard constraint);
the transport is a minimal hand-rolled HTTP responder over tokio (zero new dependencies)
that binds 127.0.0.1 only, refuses non-localhostHostheaders (DNS-rebinding), and
answers GET only. Fact values are HTML-escaped everywhere — agent-supplied text can never
execute in the operator's browser. Default port 3368 ("dent" on a phone keypad);
--port/--no-opento adjust. The Tauri desktop shell remains the later packaging step
and will wrap this same surface. - Memory (the landing): a headline verdict (everything verified / N contested /
Full changelog: https://github.com/xyzzylabs/dent8/blob/main/CHANGELOG.md
dent8 v0.7.1
Install: cargo install dent8-cli --locked · pip install dent8 · npm install dent8 · prebuilt archives below. Docs: https://xyzzylabs.github.io/dent8/
Added
- Linux and Windows backends for keychain-backed identity keys —
keychain:<account>
now works on all three platforms, same contract as the macOS backend shipped in 0.7.0
(keygen refuses to overwrite an existing item; the public key derives from the private
item):- Linux: through
secret-tool(libsecret) against any Secret Service implementation
— GNOME Keyring, KWallet 5.97+ — with the secret passed over stdin, never argv. Needs
secret-toolonPATH(libsecret-toolson Debian/Ubuntu) and a running, unlocked
Secret Service; missing pieces produce pointed errors. - Windows: through the Credential Manager. Windows is the one platform with no
preinstalled CLI able to read a secret back, so this backend uses thekeyringcrate
(windows-native only, a Windows-only dependency — macOS/Linux stay subprocess-based and
dependency-free). Awindows-keychainCI job lints the CLI for the platform and runs a
real Credential Manager round trip.
- Linux: through
- Team identity playbook (roadmap: the key-distribution story):
what to commit (trust registry, signed grants, active-grant index, grant log — all public
by construction) versus what never leaves a machine (private keys, ideally
keychain-backed); onboarding a remote teammate with only their public key traveling;
rotation, revocation-as-a-PR, CI-bot keys, and clone-side verification. Every command in
it is exercised against the real binary.
Fixed
identity repair-envnow works for keys that are not bundle files: after
grant-issuefor a remote teammate (their key never left their machine) or for a
keychain-backed key, repair-env restores the missing active-grant registry entry from the
signed grant and honestly skips the env rewrite (it used to hard-fail trying to stat the
absent key file, leaving no way to register the grant).
Full changelog: https://github.com/xyzzylabs/dent8/blob/main/CHANGELOG.md
dent8 v0.7.0
Install: cargo install dent8-cli --locked · pip install dent8 · npm install dent8 · prebuilt archives below. Docs: https://xyzzylabs.github.io/dent8/
Added
- OS-keychain-backed identity keys (roadmap: identity productization; macOS in this
release):keychain:<account>is accepted wherever a signing-key path is —
DENT8_IDENTITY_KEY, keygen--out,grant-issue --issuer-key/--public-key,
trust-add— naming a generic-password item under keychain servicedent8instead of a
0600file.identity agent-keygen --out keychain:<account>generates straight into the
keychain (no file ever exists, the public key is printed and derivable from the private
item, and an existing item is refused, same as files). This narrows the threat model's
top residual: the key is encrypted at rest, locks with the session, and never lands in a
dotfile a backup or homedir sync would sweep. The secret passes to/usr/bin/security
over stdin, never argv. Windows Credential Manager / Linux secret-service are the
documented follow-up, with a clear error meanwhile. - MCP
resources/subscribe(roadmap: fact-change push): subscribe to a
dent8://{kind}/{key}/{predicate}fact stream and the server pushes
notifications/resources/updatedwhen it gains events — immediately after a write
through the same connection, and within a ~2s poll tick for writes from any other
process sharing the store (another agent, the CLI, a daemon peer), so long-running
agents stop re-pollingexplain. Subscribing to a not-yet-asserted stream is allowed and
notifies on its first write. Works on both transports: the stdio server (notifier thread;
responses and pushes interleave under one stdout lock) and the local daemon (per-connection
notifier + single writer task).dent8 mcp proxynow pumps frames bidirectionally
(previously strict request/response), so daemon clients receive pushes through it too.
initializeadvertisesresources.subscribe: trueonly where a notifier is actually
wired. dent8 whatif— policy-counterfactual replay (the rank-2 novelty direction in
research/novelty.md, now surfaced): re-fold the same immutable log
under a swapped epistemic trust policy —--distrust <source>(repeatable),
--authority-floor <level>,--confidence-floor <millis>— and see what would be believed,
with a per-fact structural diff (appeared / disappeared / lifecycle / value / supersession /
evidence changes) against the real fold. Read-only, deterministic, zero model invocations;
freshness is deliberately not a policy knob. Also an MCP tool (whatif, same arguments,
available to read-only daemon connections), with the diff mirrored instructuredContentand
an advertisedoutputSchema. At least one policy knob is required — the identity policy is
the plain fold (explain).scripts/load-test.sh— the concurrency harness (roadmap: load testing and tuning):
N parallel writers against one shared store, two phases — distinct facts (throughput +
event-id uniqueness) and a deliberate same-fact supersession herd (every write eventually
admitted, exactly one believed value,verifygreen over the full log). Defaults to a
temporary SQLite store; pointDENT8_STORE_URLat a throwaway Postgres (withPSQL
overridable for dockerized databases) to run the Postgres leg. The harness found every
concurrency fix below.- Cross-process write lease for
sqlite://andpostgres://stores
(SqliteEventStore::acquire_write_lease,PostgresEventStore::acquire_write_lease):
each write attempt now holds a backend lease across the whole decide+commit cycle — a
BEGIN IMMEDIATEon a<db>-leasesidecar database for SQLite, a session advisory lock
on a dedicated connection for Postgres. Optimistic retry alone is safe but livelocks
under sustained same-fact contention — the decide step re-reads a growing log, so a slow
writer's snapshot is perpetually stale by commit time; the lease turns the herd into a
fair queue. A crashed holder releases automatically (SQLite file locks and Postgres
sessions die with the process), waits are bounded, and a timeout is a retryable conflict
(SQLSTATE55P03on Postgres). Before: 16 writers × 50 contended supersessions exhausted
the retry budget; after: all 800 admitted on both backends, none exhausted. The SQLite
sidecar holds no data and may be deleted when no writer is running; in-memory stores skip
the lease (single-process by construction). See the new write-concurrency section in
docs/storage.md.
Fixed
SQLITE_BUSYat connect/migrate is a retryable conflict now: concurrent
first-connects race the schema DDL for the write lock; that BUSY was classified
Unavailable(fatal) and crashed parallel writers on a fresh store.connect_backend
also flattened errors to text, destroying the retryable class — it now returns the typed
StoreError, and the write path routesConflictinto the retry loop.- A stale-snapshot commit is retried, not reported as terminal: when a concurrent
writer lands between an op's decide snapshot and its durable append, the backend's
re-arbitration correctly rejects the commit (e.g.cannot mutate terminal fact state Superseded) — but that rejection surfaced as a non-retryable failure and crashed the
writer. It is now classified as a write conflict: the op re-decides from a fresh snapshot
and the write lands, or is genuinely rejected against current state. - Write-conflict retry widened: 32 attempts (was 16), exponential backoff capped at
256 ms (was 128 ms), still decorrelated per-process jitter.
Full changelog: https://github.com/xyzzylabs/dent8/blob/main/CHANGELOG.md
dent8 v0.6.1
Full Changelog: v0.6.0...v0.6.1
dent8 v0.6.0
What's Changed
- docs: generic agent + MCP-client adapters by @chicoxyzzy in #17
- feat(on-ramp): value-first path to first fact under 2 minutes by @chicoxyzzy in #19
Full Changelog: v0.5.0...v0.6.0
dent8 v0.5.0
What's Changed
- First-run UX hardening: repo-aware store resolution, unified registry, TTL ceiling everywhere, and a --ttl write surface by @chicoxyzzy in #12
- docs: getting-started guide by @chicoxyzzy in #13
- Native memory import/export for CLAUDE.md and AGENTS.md by @chicoxyzzy in #14
- Fix export splice: ignore fenced sentinels and match line endings by @chicoxyzzy in #15
- chore(release): prepare v0.5.0 by @chicoxyzzy in #16
Full Changelog: v0.4.0...v0.5.0
dent8 v0.4.0
What's Changed
- docs: fix stale claims and sharpen the wedge by @chicoxyzzy in #2
- Close the capture/inject loop: dent8 context, dent8 capture, and a default authority profile by @chicoxyzzy in #3
- Enforce grant issuer/scope, emit Retrieved/UsedInDecision, keep failed capture lines by @chicoxyzzy in #4
- fix(cli): scope-aware doctor write-check, fail-closed authority remove, order-independent cycle refusal by @chicoxyzzy in #6
- Externally-grounded adversarial eval corpus (honest per-class results) by @chicoxyzzy in #5
- Reconcile paper with eval evidence, retag persona layer, deflake hook test by @chicoxyzzy in #7
- Harden TTL retention ceiling and doctor write-check probe by @chicoxyzzy in #8
- feat: pluggable content-check hook at the write boundary by @chicoxyzzy in #9
- docs: dogfood dent8 as this repo's shared fact base by @chicoxyzzy in #11
- chore(release): prepare v0.4.0 by @chicoxyzzy in #10
Full Changelog: v0.3.2...v0.4.0
dent8 v0.3.2
Full Changelog: v0.3.1...v0.3.2