Apache 2.0 · MCP-native · Open source

The knowledge base layer for AI agents

Markdown-first. Git-backed. Permissions and provenance built in. Run it on your disk — or hosted, with one API key.

npm install -g kb0-mcp

Building an agent that sets itself up? Point it at kb0.dev/llms.txt.

The problem

Agents remember in flat files and opaque vectors — no history, no permissions, no receipts. kb0 makes memory a real layer: every note is markdown, every write is a commit, every operation typed, permissioned, and audited.

01

One tool call. Four guarantees.

Your agent calls a typed MCP tool. kb0 does the rest — every single time.

your agent
await mcp.callTool({
  name: 'vault.write',
  arguments: {
    path:    'notes/auth.md',
    title:   'Auth: we chose JWT',
    content: 'Short-lived access
              + refresh tokens…',
  },
})
  1. ACL checked agent:research-bot may write notes/** — allowed
  2. Markdown written frontmatter stamped: author, id, created, updated
  3. Git committed feat: add notes/auth.md — signed by the agent
  4. Indexed FTS5 + embeddings updated — searchable instantly

Reads, updates, deletes and searches run the same path — typed, permissioned, versioned. The vault stays a plain git repo you can open in Obsidian or VS Code anytime.

02

Git is the substrate

Every write is a commit, signed with the agent's identity. You own the history — audit, blame, revert, push, clone. No new database to trust.

my-vault — git log
$ git log --oneline
a1b2c3d feat: update notes/architecture.md
e4f5g6h feat: add notes/architecture.md
7h8i9j0 feat: init vault "my-vault"

$ git log --author="agent:research-bot"
# every change the agent made, with provenance
kb0 does — automatically
  • git init on kb0 init — embedded, nothing to install
  • one commit per write / update / delete
  • signs commits with the agent identity
you do — standard git
  • git log / diff to audit, revert to undo
  • git push to back up & sync
  • git clone on a new machine — done
03

Connect from your stack

Native clients for Python and TypeScript, or plug straight into any MCP host — Claude Desktop, Cursor, your own loop.

agent.py
# pip install kb0-mcp  (the Python client)
from kb0 import VaultClient

async with VaultClient(vault="./my-vault", agent="research-bot") as kb:
    await kb.write(
        "notes/auth.md",
        title="Auth: we chose JWT",
        content="Short-lived access + refresh tokens…",
        tags=["auth", "security"],
    )
    hits = await kb.search("token security", limit=5)

# hosted instead? vault="kb0://team-kb", api_key=KB0_API_KEY
// the VaultClient ships inside kb0-mcp
import { VaultClient } from 'kb0-mcp/client'

const kb = await VaultClient.connect({
  vault: './my-vault',
  agent: 'research-bot',
})
await kb.write('notes/auth.md', {
  title:   'Auth: we chose JWT',
  content: 'Short-lived access + refresh tokens…',
})
const hits = await kb.search('token security')
await kb.close()

// hosted instead? vault: 'kb0://team-kb', apiKey: KB0_API_KEY
{
  "mcpServers": {
    "kb0": {
      "command": "kb0",
      "args": ["serve", "--agent", "claude", "--vault", "/path/to/vault"]
    }
  }
}
vault.write create a note vault.read read with hash vault.update optimistic locking vault.delete remove + commit vault.search hybrid ranking vault.list filter by tag vault.recent latest changes vault.backlinks incoming links vault.links outgoing links vault.status vault health vault.write create a note vault.read read with hash vault.update optimistic locking vault.delete remove + commit vault.search hybrid ranking vault.list filter by tag vault.recent latest changes vault.backlinks incoming links vault.links outgoing links vault.status vault health

10 MCP tools — a complete contract for agent knowledge · reference ↗

04 — kb0 vs. vector databases

“Why not just a vector database?”

Because a vector DB stores embeddings — not knowledge. kb0 already has the vectors; what it adds is everything Pinecone makes you build yourself.

A vector DB alone

Opaque vectors, no source of truth. You still build the chunking, the document store, updates, and dedup. Upserts overwrite — no history, no rollback. No write semantics, no per-agent permissions, no links between notes. Priced per vector, with its own lock-in.

vs

kb0

Markdown is the source of truth — open it in Obsidian, diff it in git. Every write is a commit, every read is logged, every change is permissioned. Hybrid search built in. Embedded SQLite, single binary. The index rebuilds from your files — you're never locked in.

05

One key. Local or hosted.

Point the same client at kb0:// and the vault lives on the kb0 cloud — with a live, content-free audit trail of everything your agents read, searched, and wrote. The full story →

agent.ts — hosted vault
// the vault address picks the backend — nothing else changes
const kb = await VaultClient.connect({
  vault: 'kb0://team-kb',
  agent: 'research-bot',
  apiKey: process.env.KB0_API_KEY,
})
await kb.write('notes/auth.md', { title: 'Auth', content: '…' })
hosted vault
  • named vaults — a git repo each, export anytime
  • browse and edit in the dashboard
audit trail
  • every read, search, write — content-free
  • hash-chained, tamper-evident
Get started

Plug it into your agent in two minutes

Markdown-first, git-backed, MCP-native — no service to run, no account to create. Or go hosted with one key.

npm install -g kb0-mcp && kb0 init my-vault