Persistent, consensus-validated memory infrastructure for AI agents.
SAGE gives AI agents institutional memory that persists across conversations, goes through BFT consensus validation, carries confidence scores, and decays naturally over time. Not a flat file. Not a vector DB bolted onto a chat app. Infrastructure — built on the same consensus primitives as distributed ledgers.
The architecture is described in Paper 1: Agent Memory Infrastructure.
Just want to install it? Download here — double-click, done. Works with any AI.
Agent (Claude, ChatGPT, DeepSeek, Gemini, etc.)
│ MCP / REST
▼
sage-gui
├── ABCI App (validation, confidence, decay, Ed25519 sigs)
├── App Validators (sentinel, dedup, quality, consistency — BFT 3/4 quorum)
├── Governance Engine (on-chain validator proposals + voting)
├── CometBFT consensus (single-validator or multi-agent network)
├── SQLite + optional AES-256-GCM encryption
├── CEREBRUM Dashboard (SPA, real-time SSE)
└── Network Agent Manager (add/remove agents, key rotation, LAN pairing)
Personal mode runs a real CometBFT node with 4 in-process application validators — every memory write goes through pre-validation, signed vote transactions, and BFT quorum before committing. Same consensus pipeline as multi-node deployments. Add more agents from the dashboard when you're ready.
Full deployment guide (multi-agent networks, RBAC, federation, monitoring): Architecture docs
http://localhost:8080/ui/ — force-directed neural graph, domain filtering, semantic search, real-time updates via SSE.
Add agents, configure domain-level read/write permissions, manage clearance levels, rotate keys, download bundles — all from the dashboard.
| Overview | Security | Configuration | Update |
|---|---|---|---|
 |
 |
 |
 |
| Chain health, peers, system status | Synaptic Ledger encryption, export | Boot instructions, cleanup, tooltips | One-click updates from dashboard |
- Encrypted Node-to-Node Communication — REST API TLS support for quorum mode. Per-quorum ECDSA P-256 certificate authority, auto-generated during
quorum-init/quorum-join. Dual-listener pattern: TLS on:8443for network traffic, plain HTTP onlocalhost:8080for dashboard/MCP. - CometBFT P2P Already Encrypted — Verified that CometBFT v0.38.15 encrypts all validator-to-validator gossip via SecretConnection (X25519 DH + ChaCha20-Poly1305). No plaintext memories on the wire.
- TLS Certificate Infrastructure — New
internal/tlsca/package: CA generation, node cert generation, PEM I/O, TLS config builders. Certificates distributed via quorum manifest during pairing. - TLS-Aware Clients — Go internal clients (MCP server, seed, vault, CLI) auto-detect
https://URLs and load quorum CA. Python SDK v6.1.0 addsca_certparameter.SAGE_CA_CERTenv var for explicit CA path. cert-statusCLI —sage-gui cert-statusshows CA/node cert expiry, fingerprints, 30-day warnings.- Docker TLS Support —
amidbinary supports--tls-cert,--tls-key,--tls-caflags. Production compose mounts cert volumes per node. - Foundation for v7.0 — Certificates include
ExtKeyUsageClientAuthfor future mTLS. Per-quorum CA model supports cross-quorum federation by exchanging CA certs.
- Dynamic Validator Governance — Validators can now be added, removed, and have their power updated without stopping the chain. Admin agents submit governance proposals, validators vote on-chain with 2/3 BFT quorum, and CometBFT applies validator set changes at consensus level. Zero downtime.
- On-Chain Governance Engine — New
internal/governance/package with deterministic integer-only quorum math, proposal lifecycle (voting → executed/rejected/expired/cancelled), proposer cooldown, min voting period, and power constraints. All state in BadgerDB, included in AppHash. - Governance Dashboard — New Governance section in the CEREBRUM Network page. Active proposal cards with vote tally, quorum progress bar, expiry countdown, and one-click voting. Proposal history with status badges. "New Proposal" wizard for admins.
- Security Constraints — 1/3 max power for new validators (prevents single-add takeover), min 2 validators after removal, 50-block proposer cooldown (prevents grief), 500-block max proposal TTL (prevents governance lockup), admin-only proposals, validator-only voting.
- FTS5 Full-Text Search — Keyword-based recall fallback when embeddings aren’t semantic.
- Docker Compose —
docker-compose.sage-gui.ymlwith Ollama sidecar for semantic embeddings. - Consensus-First Writes — Memory submissions go through full BFT consensus before appearing in queries.
- Byzantine Fault Tests in CI — 4-validator Docker cluster with fault injection.
- Nonce Replay Protection — Random nonce in request signing prevents sub-second replay collisions.
- Docker Env Vars —
OLLAMA_URLandOLLAMA_MODELproperly configure embeddings in Docker.
Full v5.x changelog
- v5.4.5: Docker env var support for OLLAMA_URL/OLLAMA_MODEL
- v5.4.4: Empty blocks fix for single-node idle timeout prevention
- v5.4.3: Null array fix (return
[]notnullfor empty results) - v5.4.2: Nonce verification threaded through full tx pipeline
- v5.4.1: Random nonce for replay protection
- v5.4.0: FTS5 search, Docker Compose with Ollama
- v5.3.x: Consensus-first writes, Byzantine CI tests, Docker hardening, write serialization
- v5.2.x: Immutable RegisteredName, self-updater fix, memory type guidance
- v5.1.0: Agent rename fix, self-healing name reconciliation
- v5.0.x: Agent pipeline, Python SDK, vault recovery, memory modes, MCP identity fix, Docker fix
- 4 Application Validators — Sentinel, Dedup, Quality, Consistency with 3/4 BFT quorum.
- RBAC — Agent isolation by default, domain-level permissions, clearance levels, multi-org federation.
- Synaptic Ledger — AES-256-GCM encryption with Argon2id key derivation, vault lock/unlock.
- Multi-Agent Networks — Add agents from dashboard, LAN pairing, key rotation, redeployment orchestrator.
- On-Chain Agent Identity — Registration, permissions, and metadata through CometBFT consensus.
- CEREBRUM Dashboard — Brain graph, focus mode, timeline, search, draggable panels.
| Paper | Key Result |
|---|---|
| Agent Memory Infrastructure | BFT consensus architecture for agent memory |
| Consensus-Validated Memory | 50-vs-50 study: memory agents outperform memoryless |
| Institutional Memory | Agents learn from experience, not instructions |
| Longitudinal Learning | Cumulative learning: rho=0.716 with memory vs 0.040 without |
git clone https://github.com/l33tdawg/sage.git && cd sage
go build -o sage-gui ./cmd/sage-gui/
./sage-gui setup # Pick your AI, get MCP config
./sage-gui serve # SAGE + Dashboard on :8080Or grab a binary: macOS DMG (signed & notarized) | Windows EXE | Linux tar.gz
docker pull ghcr.io/l33tdawg/sage:latest
docker run -p 8080:8080 -v ~/.sage:/root/.sage ghcr.io/l33tdawg/sage:latestPin a specific version with ghcr.io/l33tdawg/sage:6.0.0.
If you installed SAGE before v5.0 and your AI isn't doing turn-by-turn memory updates, re-run the installer in your project directory:
cd /path/to/your/project
sage-gui mcp installThis installs Claude Code hooks that enforce the memory lifecycle (boot, turn, reflect) — even if your .mcp.json is already configured. Restart your Claude Code session after running this.
| Doc | What's in it |
|---|---|
| Architecture & Deployment | Multi-agent networks, BFT, RBAC, federation, API reference |
| Getting Started | Setup walkthrough, embedding providers, multi-agent network guide |
| Security FAQ | Threat model, encryption, auth, signature scheme |
| Connect Your AI | Interactive setup wizard for any provider |
Go / CometBFT v0.38 / chi / SQLite / Ed25519 + AES-256-GCM + Argon2id / MCP
Code: Apache 2.0 | Papers: CC BY 4.0
Dhillon Andrew Kannabhiran (@l33tdawg)
A tribute to Felix 'FX' Lindner — who showed us how much further curiosity can go.