The knowledge base layer for AI agents
Markdown-first. Git-backed. Permissions and provenance built in. Run it on your disk — or hosted, with one API key.
npm install -g kb0-mcp
Building an agent that sets itself up? Point it at kb0.dev/llms.txt.
Agents remember in flat files and opaque vectors — no history, no permissions, no receipts. kb0 makes memory a real layer: every note is markdown, every write is a commit, every operation typed, permissioned, and audited.
One tool call. Four guarantees.
Your agent calls a typed MCP tool. kb0 does the rest — every single time.
await mcp.callTool({ name: 'vault.write', arguments: { path: 'notes/auth.md', title: 'Auth: we chose JWT', content: 'Short-lived access + refresh tokens…', }, })
-
ACL checked
agent:research-botmay writenotes/**— allowed - Markdown written frontmatter stamped: author, id, created, updated
-
Git committed
feat: add notes/auth.md— signed by the agent - Indexed FTS5 + embeddings updated — searchable instantly
Reads, updates, deletes and searches run the same path — typed, permissioned, versioned. The vault stays a plain git repo you can open in Obsidian or VS Code anytime.
Git is the substrate
Every write is a commit, signed with the agent's identity. You own the history — audit, blame, revert, push, clone. No new database to trust.
$ git log --oneline a1b2c3d feat: update notes/architecture.md e4f5g6h feat: add notes/architecture.md 7h8i9j0 feat: init vault "my-vault" $ git log --author="agent:research-bot" # every change the agent made, with provenance
- git init on
kb0 init— embedded, nothing to install - one commit per write / update / delete
- signs commits with the agent identity
git log/diffto audit,revertto undogit pushto back up & syncgit cloneon a new machine — done
Connect from your stack
Native clients for Python and TypeScript, or plug straight into any MCP host — Claude Desktop, Cursor, your own loop.
# pip install kb0-mcp (the Python client) from kb0 import VaultClient async with VaultClient(vault="./my-vault", agent="research-bot") as kb: await kb.write( "notes/auth.md", title="Auth: we chose JWT", content="Short-lived access + refresh tokens…", tags=["auth", "security"], ) hits = await kb.search("token security", limit=5) # hosted instead? vault="kb0://team-kb", api_key=KB0_API_KEY
// the VaultClient ships inside kb0-mcp import { VaultClient } from 'kb0-mcp/client' const kb = await VaultClient.connect({ vault: './my-vault', agent: 'research-bot', }) await kb.write('notes/auth.md', { title: 'Auth: we chose JWT', content: 'Short-lived access + refresh tokens…', }) const hits = await kb.search('token security') await kb.close() // hosted instead? vault: 'kb0://team-kb', apiKey: KB0_API_KEY
{
"mcpServers": {
"kb0": {
"command": "kb0",
"args": ["serve", "--agent", "claude", "--vault", "/path/to/vault"]
}
}
}
10 MCP tools — a complete contract for agent knowledge · reference ↗
“Why not just a vector database?”
Because a vector DB stores embeddings — not knowledge. kb0 already has the vectors; what it adds is everything Pinecone makes you build yourself.
A vector DB alone
Opaque vectors, no source of truth. You still build the chunking, the document store, updates, and dedup. Upserts overwrite — no history, no rollback. No write semantics, no per-agent permissions, no links between notes. Priced per vector, with its own lock-in.
kb0
Markdown is the source of truth — open it in Obsidian, diff it in git. Every write is a commit, every read is logged, every change is permissioned. Hybrid search built in. Embedded SQLite, single binary. The index rebuilds from your files — you're never locked in.
One key. Local or hosted.
Point the same client at kb0:// and the vault lives on the kb0 cloud — with a live, content-free audit trail of everything your agents read, searched, and wrote. The full story →
// the vault address picks the backend — nothing else changes const kb = await VaultClient.connect({ vault: 'kb0://team-kb', agent: 'research-bot', apiKey: process.env.KB0_API_KEY, }) await kb.write('notes/auth.md', { title: 'Auth', content: '…' })
- named vaults — a git repo each, export anytime
- browse and edit in the dashboard
- every read, search, write — content-free
- hash-chained, tamper-evident
Plug it into your agent in two minutes
Markdown-first, git-backed, MCP-native — no service to run, no account to create. Or go hosted with one key.
npm install -g kb0-mcp && kb0 init my-vault