git.agentic
Three projects · all open source Apache 2.0 Rust · TypeScript · Python

The tooling under software assumes a human in the loop.

Agents broke that assumption. git.agentic is three projects rebuilding the base layer — version control, source control, and supply-chain security — for the agentic age.

git revert     assumes code is the only thing that changed   → git.agentic
npm install    assumes a human read what it fetched          → Sentinel
your checkout  assumes one pair of hands                     → src-control

git.agentic

Git for agent behavior.

An agent's behavior is determined by six things — code, prompts, tools, model, memory, schema — and git revert only knows about one of them. git.agentic snapshots the whole tuple atomically and rolls all six dimensions back coherently, including reverse schema migrations and memory state.

$ agentic rollback v0.7
  ✓ Schema reverted          in 0.4s
  ✓ Memory restored          in 2.1s
  ✓ Prompts restored         in 0.0s
  ✓ HEAD now at i7j8k9l (rollback of v0.8 → v0.7)

Rust core · Python SDK · v1.0 shipped, v1.1 in progress

Full page →   GitHub →

src-control

Version control built for fleets of agents.

A checkout assumes one developer, one directory, one disk. Agents want N parallel worktrees, now, and gone without a trace afterwards. src-control forks copy-on-write worktrees entirely in RAM — checkout to disk only when you ask — with native committed secrets, signed commits, sealed agent-session transcripts, and bidirectional Git sync (local or GitHub).

# fork 4 parallel in-RAM worktrees off one snapshot
$ sc demo --agents 4

# agent workspaces: run a command across N forks, harvest results
$ sc work --agents 4 -- cargo test

Rust · Phases 1–31 built

Full page →   GitHub →

Sentinel

An agent-auditable security layer for npm.

Agents run npm install and execute code nobody read. Sentinel is a transparent auditing proxy in front of registry.npmjs.org: every tarball is scored by a deterministic engine and carries a verdict before install-time code runs, and a deny-by-default sandbox contains what does run. The agent can request; only a human grants.

  color-stream@1.4.1
  ────────────────────────────────────────
  install    ⚠ runs lifecycle scripts
  score      ░░░░░░░░░░ 0/100
  verdict    BLOCK
  critical [install-scripts]  postinstall decodes an encoded blob
  critical [secret-exfil]     reads ~/.npmrc, AWS credentials…

  HTTP 403  x-sentinel-verdict: block

TypeScript · full security layer built · open-source launch prep

Full page →   GitHub →