Skip to content

Releases: xyzzylabs/dent8

dent8 v0.8.0

Choose a tag to compare

@github-actions github-actions released this 13 Jul 13:09
40649cf

What's Changed

  • Serialize the default file store through the firewall and tolerate corrupt lines by @chicoxyzzy in #22
  • Install and enforce the native-memory guard by default on dent8 init by @chicoxyzzy in #23
  • Require a signed identity for authority above the agent tier by @chicoxyzzy in #24
  • chore(release): prepare v0.8.0 by @chicoxyzzy in #25

Full Changelog: v0.7.3...v0.8.0

dent8 v0.7.3

Choose a tag to compare

@github-actions github-actions released this 13 Jul 07:58

What's Changed

  • docs: dent8 ui Memory view screenshot in README + website by @chicoxyzzy in #20
  • docs: light-mode variant of the dent8 ui Memory screenshot by @chicoxyzzy in #21

Full Changelog: v0.7.2...v0.7.3

dent8 v0.7.2

Choose a tag to compare

@github-actions github-actions released this 12 Jul 11:21

Install: cargo install dent8-cli --locked · pip install dent8 · npm install dent8 · prebuilt archives below. Docs: https://xyzzylabs.github.io/dent8/

The headline: dent8 ui — the stock binary now serves its own local, read-only memory dashboard (Memory / What-if / Health), read-only by construction.

Added

  • dent8 ui — a local, human-first memory dashboard (the first deliverable of
    ADR 0020, unfrozen): one command
    opens a dashboard in your browser, served straight from the stock binary, designed
    around the belief base rather than the plumbing. Four views:

    • Memory (the landing): a headline verdict (everything verified / N contested /
      N stale / integrity failed), stat tiles, and the believed facts as cards — the
      value shown large, a freshness color-bar down the side, authority + freshness badges,
      contested facts showing both rival values inline. Click any card for a slide-in drawer
      with the full integrity receipt (authority, hash, chain, corroboration, survived
      challenges, validity window) and the complete replay timeline.
    • Activity: every event across the log, newest first (rejected supersessions appear
      as the fact.challenge_rejected events recorded on their incumbents).
    • What-if: re-fold the log under a different trust policy and see now-vs-under-policy
      with per-fact diffs — deterministic, no model calls.
    • Health: a status-page rollup — a healthy/attention banner, integrity/witness/doctor
      status cards, and collapsible detail (doctor checks, witness coverage + TAMPER/ROLLBACK,
      native scan/reconcile per agent profile, and the raw runtime env under system details).

    Plus a light/dark toggle, deep-linkable tabs (#health etc.), and a click-to-pause live
    poll. Read-only by construction — every endpoint is a GET over the same op_*/snapshot
    code the CLI and MCP use, so no separate write path exists (the ADR's hard constraint);
    the transport is a minimal hand-rolled HTTP responder over tokio (zero new dependencies)
    that binds 127.0.0.1 only, refuses non-localhost Host headers (DNS-rebinding), and
    answers GET only. Fact values are HTML-escaped everywhere — agent-supplied text can never
    execute in the operator's browser. Default port 3368 ("dent" on a phone keypad);
    --port/--no-open to adjust. The Tauri desktop shell remains the later packaging step
    and will wrap this same surface.

Full changelog: https://github.com/xyzzylabs/dent8/blob/main/CHANGELOG.md

dent8 v0.7.1

Choose a tag to compare

@github-actions github-actions released this 12 Jul 00:57

Install: cargo install dent8-cli --locked · pip install dent8 · npm install dent8 · prebuilt archives below. Docs: https://xyzzylabs.github.io/dent8/

Added

  • Linux and Windows backends for keychain-backed identity keyskeychain:<account>
    now works on all three platforms, same contract as the macOS backend shipped in 0.7.0
    (keygen refuses to overwrite an existing item; the public key derives from the private
    item):
    • Linux: through secret-tool (libsecret) against any Secret Service implementation
      — GNOME Keyring, KWallet 5.97+ — with the secret passed over stdin, never argv. Needs
      secret-tool on PATH (libsecret-tools on Debian/Ubuntu) and a running, unlocked
      Secret Service; missing pieces produce pointed errors.
    • Windows: through the Credential Manager. Windows is the one platform with no
      preinstalled CLI able to read a secret back, so this backend uses the keyring crate
      (windows-native only, a Windows-only dependency — macOS/Linux stay subprocess-based and
      dependency-free). A windows-keychain CI job lints the CLI for the platform and runs a
      real Credential Manager round trip.
  • Team identity playbook (roadmap: the key-distribution story):
    what to commit (trust registry, signed grants, active-grant index, grant log — all public
    by construction) versus what never leaves a machine (private keys, ideally
    keychain-backed); onboarding a remote teammate with only their public key traveling;
    rotation, revocation-as-a-PR, CI-bot keys, and clone-side verification. Every command in
    it is exercised against the real binary.

Fixed

  • identity repair-env now works for keys that are not bundle files: after
    grant-issue for a remote teammate (their key never left their machine) or for a
    keychain-backed key, repair-env restores the missing active-grant registry entry from the
    signed grant and honestly skips the env rewrite (it used to hard-fail trying to stat the
    absent key file, leaving no way to register the grant).

Full changelog: https://github.com/xyzzylabs/dent8/blob/main/CHANGELOG.md

dent8 v0.7.0

Choose a tag to compare

@github-actions github-actions released this 11 Jul 20:55

Install: cargo install dent8-cli --locked · pip install dent8 · npm install dent8 · prebuilt archives below. Docs: https://xyzzylabs.github.io/dent8/

Added

  • OS-keychain-backed identity keys (roadmap: identity productization; macOS in this
    release): keychain:<account> is accepted wherever a signing-key path is —
    DENT8_IDENTITY_KEY, keygen --out, grant-issue --issuer-key / --public-key,
    trust-add — naming a generic-password item under keychain service dent8 instead of a
    0600 file. identity agent-keygen --out keychain:<account> generates straight into the
    keychain (no file ever exists, the public key is printed and derivable from the private
    item, and an existing item is refused, same as files). This narrows the threat model's
    top residual: the key is encrypted at rest, locks with the session, and never lands in a
    dotfile a backup or homedir sync would sweep. The secret passes to /usr/bin/security
    over stdin, never argv. Windows Credential Manager / Linux secret-service are the
    documented follow-up, with a clear error meanwhile.
  • MCP resources/subscribe (roadmap: fact-change push): subscribe to a
    dent8://{kind}/{key}/{predicate} fact stream and the server pushes
    notifications/resources/updated when it gains events — immediately after a write
    through the same connection, and within a ~2s poll tick for writes from any other
    process sharing the store
    (another agent, the CLI, a daemon peer), so long-running
    agents stop re-polling explain. Subscribing to a not-yet-asserted stream is allowed and
    notifies on its first write. Works on both transports: the stdio server (notifier thread;
    responses and pushes interleave under one stdout lock) and the local daemon (per-connection
    notifier + single writer task). dent8 mcp proxy now pumps frames bidirectionally
    (previously strict request/response), so daemon clients receive pushes through it too.
    initialize advertises resources.subscribe: true only where a notifier is actually
    wired.
  • dent8 whatif — policy-counterfactual replay (the rank-2 novelty direction in
    research/novelty.md, now surfaced): re-fold the same immutable log
    under a swapped epistemic trust policy — --distrust <source> (repeatable),
    --authority-floor <level>, --confidence-floor <millis> — and see what would be believed,
    with a per-fact structural diff (appeared / disappeared / lifecycle / value / supersession /
    evidence changes) against the real fold. Read-only, deterministic, zero model invocations;
    freshness is deliberately not a policy knob. Also an MCP tool (whatif, same arguments,
    available to read-only daemon connections), with the diff mirrored in structuredContent and
    an advertised outputSchema. At least one policy knob is required — the identity policy is
    the plain fold (explain).
  • scripts/load-test.sh — the concurrency harness (roadmap: load testing and tuning):
    N parallel writers against one shared store, two phases — distinct facts (throughput +
    event-id uniqueness) and a deliberate same-fact supersession herd (every write eventually
    admitted, exactly one believed value, verify green over the full log). Defaults to a
    temporary SQLite store; point DENT8_STORE_URL at a throwaway Postgres (with PSQL
    overridable for dockerized databases) to run the Postgres leg. The harness found every
    concurrency fix below.
  • Cross-process write lease for sqlite:// and postgres:// stores
    (SqliteEventStore::acquire_write_lease, PostgresEventStore::acquire_write_lease):
    each write attempt now holds a backend lease across the whole decide+commit cycle — a
    BEGIN IMMEDIATE on a <db>-lease sidecar database for SQLite, a session advisory lock
    on a dedicated connection for Postgres. Optimistic retry alone is safe but livelocks
    under sustained same-fact contention — the decide step re-reads a growing log, so a slow
    writer's snapshot is perpetually stale by commit time; the lease turns the herd into a
    fair queue. A crashed holder releases automatically (SQLite file locks and Postgres
    sessions die with the process), waits are bounded, and a timeout is a retryable conflict
    (SQLSTATE 55P03 on Postgres). Before: 16 writers × 50 contended supersessions exhausted
    the retry budget; after: all 800 admitted on both backends, none exhausted. The SQLite
    sidecar holds no data and may be deleted when no writer is running; in-memory stores skip
    the lease (single-process by construction). See the new write-concurrency section in
    docs/storage.md.

Fixed

  • SQLITE_BUSY at connect/migrate is a retryable conflict now: concurrent
    first-connects race the schema DDL for the write lock; that BUSY was classified
    Unavailable (fatal) and crashed parallel writers on a fresh store. connect_backend
    also flattened errors to text, destroying the retryable class — it now returns the typed
    StoreError, and the write path routes Conflict into the retry loop.
  • A stale-snapshot commit is retried, not reported as terminal: when a concurrent
    writer lands between an op's decide snapshot and its durable append, the backend's
    re-arbitration correctly rejects the commit (e.g. cannot mutate terminal fact state Superseded) — but that rejection surfaced as a non-retryable failure and crashed the
    writer. It is now classified as a write conflict: the op re-decides from a fresh snapshot
    and the write lands, or is genuinely rejected against current state.
  • Write-conflict retry widened: 32 attempts (was 16), exponential backoff capped at
    256 ms (was 128 ms), still decorrelated per-process jitter.

Full changelog: https://github.com/xyzzylabs/dent8/blob/main/CHANGELOG.md

dent8 v0.6.1

Choose a tag to compare

@github-actions github-actions released this 11 Jul 14:14

Full Changelog: v0.6.0...v0.6.1

dent8 v0.6.0

Choose a tag to compare

@github-actions github-actions released this 11 Jul 11:34

What's Changed

  • docs: generic agent + MCP-client adapters by @chicoxyzzy in #17
  • feat(on-ramp): value-first path to first fact under 2 minutes by @chicoxyzzy in #19

Full Changelog: v0.5.0...v0.6.0

dent8 v0.5.0

Choose a tag to compare

@github-actions github-actions released this 09 Jul 11:51
0ae2e5a

What's Changed

  • First-run UX hardening: repo-aware store resolution, unified registry, TTL ceiling everywhere, and a --ttl write surface by @chicoxyzzy in #12
  • docs: getting-started guide by @chicoxyzzy in #13
  • Native memory import/export for CLAUDE.md and AGENTS.md by @chicoxyzzy in #14
  • Fix export splice: ignore fenced sentinels and match line endings by @chicoxyzzy in #15
  • chore(release): prepare v0.5.0 by @chicoxyzzy in #16

Full Changelog: v0.4.0...v0.5.0

dent8 v0.4.0

Choose a tag to compare

@github-actions github-actions released this 08 Jul 23:22
66aa6fe

What's Changed

  • docs: fix stale claims and sharpen the wedge by @chicoxyzzy in #2
  • Close the capture/inject loop: dent8 context, dent8 capture, and a default authority profile by @chicoxyzzy in #3
  • Enforce grant issuer/scope, emit Retrieved/UsedInDecision, keep failed capture lines by @chicoxyzzy in #4
  • fix(cli): scope-aware doctor write-check, fail-closed authority remove, order-independent cycle refusal by @chicoxyzzy in #6
  • Externally-grounded adversarial eval corpus (honest per-class results) by @chicoxyzzy in #5
  • Reconcile paper with eval evidence, retag persona layer, deflake hook test by @chicoxyzzy in #7
  • Harden TTL retention ceiling and doctor write-check probe by @chicoxyzzy in #8
  • feat: pluggable content-check hook at the write boundary by @chicoxyzzy in #9
  • docs: dogfood dent8 as this repo's shared fact base by @chicoxyzzy in #11
  • chore(release): prepare v0.4.0 by @chicoxyzzy in #10

Full Changelog: v0.3.2...v0.4.0

dent8 v0.3.2

Choose a tag to compare

@github-actions github-actions released this 06 Jul 17:46

Full Changelog: v0.3.1...v0.3.2