agentstore

module
v0.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 16, 2026 License: MIT

README

AgentStore - a datastore for AI agents

Git is for one agent. AgentStore is for agent teams.

Git has become the storage option of choice for many AI agent users, harnesses and knowledge frameworks. It made a lot of sense when chatbots were just getting started - users were looking for ways to manage their work. Chatbots forced us into linear workflows, but we needed a multi-dimensional workspace to track prompts, revisit artifacts, chain outputs and more.

When users started managing prompts and skills Git became an even stronger fit for these code-like artifacts.

The AI agent datastore use case plays to Git's strengths:

  • Portable - we want to own our agents' memory especially with something as sticky as a personal agent
  • Versioning and auditability - both to counter the probabilistic nature of agents and to manage skills and prompts
  • Integration fit - easily connect with agents like Codex or Claude Cowork, which are built to live in folders, and are also well versed in using Git

As we continue to push agents' capabilities we are starting to see new requirements. Git was built for human speed. Mixed multi-user/agent environments need finer grained permissions. Knowledge frameworks like GBrain (agent memory layer) want awareness of when things change to reduce stale knowledge.

The challenges are:

  • Repo-level permissions - Any agent with push access can read and write every file. You cannot give a research agent access to /customers/sanitized without also exposing /finance
  • Write starvation - Even when two agents modify completely different files, the second to push must pull, merge, and retry — because Git conflict detection is repo-level, not file-level. Agents work much faster than humans, and as agent teams grow collisions will increase
  • No live events - Git is a passive store. Knowledge systems that need to react to changes must poll

Git isn't the only option, but all options today force a bad choice:

  • Git and open comparables - portable, familiar, versioned — but repo-level permissions, no live events, designed for code
  • Cloud drives and note apps (Google Drive / Box / Notion) - file permissions, real-time events — but proprietary, vendor lock-in, not agent-native
  • Version-controlled data (Dolt, lakeFS) - versioned, branchable — but built to version data (SQL tables, data-lake objects), not files, which is where agents live

Git's strengths are: portability + versioning + integration fit

AgentStore adds: file-level access control + non-blocking writes + real-time events

I built AgentStore as a datastore for the agents I use in my work.


Key features

Git Cloud Drives AgentStore
Portable / self-hostable
Versioned history limited
File-level permissions
Non-blocking writes
Real-time events
Agent-native workflow
Open storage format

File-level optimistic concurrency. Bob pushing b.md is never blocked by Alice pushing a.md. Conflicts are scoped to the specific files in a commit, not the whole repo. Write starvation is eliminated.

Real-time event stream. Subscribe to a path with store watch. The server emits file.created, file.modified, file.deleted, and commit.pushed events over a persistent WebSocket when commits are accepted. Agents react to data changes instead of polling.

Ed25519 keypair auth. Every request is signed. No passwords, no server-minted secrets. The private key never leaves the machine.

Portable self-hosted server. A single static binary — easy to install. Run it on localhost for solo development or on any Linux/macOS machine for a team.

Open storage format. SQLite for metadata, content-addressed objects/ for file content (SHA-256, git-compatible layout). Inspect, export, or migrate without proprietary tooling.


Install

AgentStore is usually installed by an agent — start here.

For agents

Claude Code — install the skill as a plugin (no clone required):

/plugin marketplace add guyweissman/agentstore
/plugin install agentstore@agentstore

And then ask Claude to install the AgentStore CLI.

Other agents — hand your assistant this instruction:

Read https://raw.githubusercontent.com/guyweissman/agentstore/main/internal/skill/content/SKILL.md and follow it to install and use AgentStore.

The skill walks the agent through installing the store binary and the full read / contribute / sync workflow.

For humans

macOS / Linux — Homebrew:

brew install guyweissman/tap/store

Linux / macOS — prebuilt binary. Downloads the right build for this machine and drops store on your PATH:

OS=$(uname -s | tr A-Z a-z); ARCH=$(uname -m); case $ARCH in x86_64) ARCH=amd64;; aarch64|arm64) ARCH=arm64;; esac
curl -fsSL "https://github.com/guyweissman/agentstore/releases/latest/download/store_${OS}_${ARCH}.tar.gz" | sudo tar -xz -C /usr/local/bin store
store version

With Go (no clone required):

go install github.com/guyweissman/agentstore/cmd/store@latest

Installs to $(go env GOPATH)/bin (usually ~/go/bin) — make sure that's on your PATH. To build from a clone instead, see Building from source.


Quickstart

1. Start a local server
store server start --data-dir ~/.agentstore/server-data &
2. Register an identity
mkdir -p ~/.agentstore
ssh-keygen -t ed25519 -N "" -f ~/.agentstore/id_ed25519
store register --remote http://127.0.0.1:8080 \
  --username alice \
  --public-key ~/.agentstore/id_ed25519.pub
3. Create a repo
cd ~
store init http://127.0.0.1:8080/my-workspace my-workspace
cd my-workspace
store whoami   # → alice
mkdir -p strategy
4. Watch for changes (optional - in another terminal)
cd ~/my-workspace
store watch /strategy &  # streams events under /strategy (a repo path)
5. Commit and push - watch the event fire
echo "# Strategy" > strategy/icp.md
store add strategy/icp.md
store commit -m "Add ICP draft"
store push

Use AgentStore from an AI assistant

AgentStore ships an agent skill — a short guide that teaches an AI assistant (Claude Code, Codex, and other runtimes that read SKILL.md) how to read, contribute to, and stay in sync with a repo, including the conflict and permission failure modes that otherwise trip agents up.

Any assistant — export the skill and point your tool at it:

store skill export ./agentstore-skill   # writes SKILL.md + reference/ (portable markdown)
store skill export --stdout             # or print SKILL.md to stdout

Move agentstore-skill/ into wherever your assistant loads skills (for Claude Code: ~/.claude/skills/, or run claude --plugin-dir ./agentstore-skill).

Claude Code — install from this repo as a marketplace (no clone required):

/plugin marketplace add guyweissman/agentstore
/plugin install agentstore@agentstore

Both paths serve the same content, generated from the live CLI so the reference never drifts. Regenerate after changing commands with go generate ./internal/skill.


Path conventions

AgentStore commands take paths in one of two forms, depending on what the command acts on:

  • Working-tree paths — files in your local checkout. Used by add, rm, checkout, and the path filters on log/diff; shown by status, log, show, and diff. Written relative, with no leading slash (strategy/icp.md), exactly like an ordinary file path. A leading slash is treated as a filesystem-absolute path and rejected as outside the repo. Output from log and status pastes directly into add/rm.
  • Store paths — addresses in the repo's namespace, independent of any checkout, always written /-rooted. grant/revoke take an exact path (/strategy/icp.md) or a subtree wildcard (/strategy/*, or /* for the whole repo); a bare / is not a valid grant pattern. watch takes a path prefix, so omit it (or pass /) to watch the whole repo. permissions <path> queries the grants effective at a path.

CLI reference

Store setup
store init <url> [<directory>]      # create a repo on a server and check it out locally
store clone <url> [<directory>]     # download a remote repo (permission-filtered)
store remote add <name> <url>       # add a remote
store remote list                   # list remotes
store config --global <key> [value] # get/set global config
store config --local  <key> [value] # get/set per-repo config
File operations
store add <path>                    # stage a file or glob
store add .                         # stage all changes
store rm <path>                     # stage a deletion
store status                        # show staged/unstaged changes
store diff [<path>]                 # unstaged diffs
store diff --staged [<path>]        # staged diffs
Committing and syncing
store commit -m "<message>"         # commit staged changes
store push [<remote>]               # push to remote (file-level OCC)
store pull [<remote>]               # fetch + merge (3-way per file)
store merge --abort                 # discard an in-progress merge
store reset                         # discard all unpushed commits
store push <remote> --mirror        # admin only: full bootstrap to an empty remote
History
store log [<path>]                  # commit history, optionally scoped to a file
store log -n <N>                    # most recent N commits
store log --author <principal>      # filter by author
store log --since <ISO-date>        # commits at or after a time
store log --to <ISO-date>           # commits at or before a time
store log --cursor <token>          # commits after a sync cursor (agent sync primitive)
store log --to-cursor <token>       # commits up to a sync cursor
store log --reverse                 # oldest first (for ordered delta replay)
store log --json                    # machine-readable output
store show <commit_id>              # show a specific commit
store checkout <commit|seq> <path>  # restore a file to a prior version
store checkout <commit|seq> .       # rewind the entire repo (non-destructive; admins and owners of /* only)
Permissions
store grant <principal> <permission> <path>   # read / write / owner on a path
store revoke <principal> <path>               # remove a grant
store permissions <path>                      # list effective permissions
Real-time events
store watch [<path>]                          # stream events under a path (JSON; defaults to /)
store watch --events <type,...>               # filter by event type
store watch --cursor <token>                  # resume from a sync cursor

Event types: file.created, file.modified, file.deleted, commit.pushed

Identity
store register --remote <url> --username <name> --public-key <path>
store bind --remote <url> --username <name> --public-key <path>   # reconnect to an existing identity (e.g. after a repo move)
store whoami                                  # confirm authenticated identity
store rekey --public-key <path>               # rotate your public key
store principals list [--remote <url>]        # browse a directory
Membership and admin
store principals add <username>               # admin only: add a principal to this repo
store principals remove <username>            # admin only: remove (cascades grants)
store admin add <principal>                   # grant admin role
store admin revoke <principal>                # revoke admin role
store admin list                              # list admins
Server
store server start [--addr <addr>] [--data-dir <path>]
store server stop
Agent skill
store skill export [<dir>]                    # write the agent skill (default: ./agentstore-skill)
store skill export --stdout                   # print SKILL.md to stdout

Permissions model

Grants are file-level and hierarchical. A grant on /strategy/* covers every file under /strategy. Effective permission on a path is the maximum level across all matching grants.

Three levels: read < write < owner. An owner of a path may grant/revoke within its subtree. A repo admin may grant/revoke on any path and controls who is a repo member.

# A research agent reads sanitized customer data but cannot touch finance
store grant research-agent read /customers/sanitized/*

# A writer agent can update strategy files
store grant writer-agent write /strategy/*

Grants take effect immediately on the server and are retroactive: a revoke removes access to history, not just future commits. Repos are private by default — a new member sees nothing until granted a path.


Use cases

Secure multi-agent workspaces

Give each agent least-privilege access. A summarization agent can read /research/raw and write /research/summaries without seeing /finance or /legal. Enforced by the server, not convention.

Reactive knowledge graph synthesis

Subscribe to source paths with watch. When a file changes, call log --cursor <last_cursor> --json to get only the delta and re-synthesize only what changed — no polling, no full re-scan.

store watch /knowledge-base --cursor 4257
# → receives file.modified for /knowledge-base/customers.md at seq 4260
store log --cursor 4257 --to-cursor 4260 --json
# → fetch and apply only the delta
Concurrent multi-agent workflows

Multiple agents push to non-overlapping file paths simultaneously. No artificial serialization — each push is checked only against the specific files it touches.

Portable knowledge bases

Self-host on any machine. Move a repo to a new server with push --mirror — history, grants, roles, and the member roster all travel with it. log --cursor consumers resume without a gap.


Architecture overview

<data-dir>/
  server.db          # server-wide identity directory
  <repo>/
    store.db         # SQLite: commits, file_branch_heads, grants, principals, roles
    objects/         # content-addressed file content (SHA-256)

Content-addressed object store. Identical to git's layout (objects/<hash[0:2]>/<hash[2:]>), using SHA-256. Objects are immutable; deduplication is free.

SQLite metadata. Commit log, per-file version heads, access-control grants, and the member roster. WAL mode for concurrent reads during writes.

File-level OCC. On push, each file carries its based_on_commit_id. The server atomically checks that every file's base still matches the current head. If all match, the commit is accepted and heads are updated. If any file has been modified since the base, the whole commit is rejected with the conflicting file names and current head commit IDs. Unrelated files never block each other.

In-memory event hub. When a push is accepted, the server fans out events directly from the in-memory commit (zero extra reads). Each subscriber gets a bounded buffer; a slow subscriber is dropped and recovers via log --cursor on reconnect. Permission filtering is evaluated against current grants at publish time, not at subscribe time.

Per-request signing. Every HTTP request is signed over (principal_id, method, request_path, body_hash, timestamp) with ed25519. The WebSocket handshake is signed once; the connection is then trusted for its lifetime. No sessions, no server-stored secrets.

For full technical details see [project_spec/architecture.md](project_spec/architecture.md).


v0.1 scope

  • Text files only (.md, .txt, .json, .yaml, .toml, .csv, and similar plain text)
  • Maximum file size: 100 KB (configurable)
  • Maximum repo size: 1 GB (configurable)
  • macOS and Linux, amd64 and arm64
  • Single static binary

Building from source

Prerequisites: Go 1.25+.

Install the latest tagged build directly:

go install github.com/guyweissman/agentstore/cmd/store@latest

Or clone and build, for working on AgentStore itself:

git clone https://github.com/guyweissman/agentstore.git
cd agentstore
go build -o store ./cmd/store   # build the binary into ./store
go test ./...                   # run the tests
go vet ./...                    # static analysis

License

Released under the MIT License.

Directories

Path Synopsis
cmd
store command
internal
buildinfo
Package buildinfo exposes version metadata stamped into the binary at build time.
Package buildinfo exposes version metadata stamped into the binary at build time.
cli
client
Package client is the HTTP client for the AgentStore server.
Package client is the HTTP client for the AgentStore server.
identity
Package identity handles ed25519 keypairs: loading private keys, parsing public keys, and signing/verifying request preimages.
Package identity handles ed25519 keypairs: loading private keys, parsing public keys, and signing/verifying request preimages.
index
Package index manages .agentstore/index.db — the local working state that is never pushed to the server: staged changes, merge-in-progress marker.
Package index manages .agentstore/index.db — the local working state that is never pushed to the server: staged changes, merge-in-progress marker.
log
Package log provides the application logger and the structured audit-line helper.
Package log provides the application logger and the structured audit-line helper.
merge
Package merge implements a line-level three-way text merge.
Package merge implements a line-level three-way text merge.
server
Package server implements the AgentStore HTTP server.
Package server implements the AgentStore HTTP server.
skill
Package skill embeds the AgentStore agent skill and exports it to disk.
Package skill embeds the AgentStore agent skill and exports it to disk.
skill/gen command
Command gen renders the embedded skill content from templates and the live CLI command tree.
Command gen renders the embedded skill content from templates and the live CLI command tree.
skill/skillgen
Package skillgen renders the embedded skill content (SKILL.md + reference/) from templates/ and the live CLI command tree.
Package skillgen renders the embedded skill content (SKILL.md + reference/) from templates/ and the live CLI command tree.
storage
Package storage defines the database abstraction used throughout AgentStore.
Package storage defines the database abstraction used throughout AgentStore.
storage/sqlite
Package sqlite provides a storage.DB backed by a pure-Go SQLite driver.
Package sqlite provides a storage.DB backed by a pure-Go SQLite driver.
store
Package store manages the local repository: store.db metadata + objects/ content store.
Package store manages the local repository: store.db metadata + objects/ content store.
testutil
Package testutil provides helpers shared across test packages.
Package testutil provides helpers shared across test packages.
workspace
Package workspace handles interactions with the working tree: path normalization, directory scanning, and hashing files on disk.
Package workspace handles interactions with the working tree: path normalization, directory scanning, and hashing files on disk.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL