Versioning and Trust¶

Dokugent's architecture is designed to make every agent action traceable, every cert verifiable, and every version intentional. This document outlines the system's version control logic, signature integrity, and trust enforcement mechanisms.

Timestamped Folders¶

Each agent version is saved using a timestamped agentId (e.g., happybot@2025-05-24_19-15-55-492), generated at the moment the agent is first initialized. This timestamp is referred to as the birthstamp.

Why we use the birthstamp:¶

It chronologically anchors all agent activity to a single, verifiable point in time
It avoids ambiguous versioning or accidental file collisions
It supports deterministic folder naming for plans, certs, logs, and reports

By using a birthstamp, Dokugent guarantees that: - Each versioned folder is unique and easy to audit - Rebuilding, tracing, or certifying is consistent across all commands - Human users and systems can safely operate on parallel agents without conflict

SHA256 Integrity¶

Every certified or compiled agent file is accompanied by a .sha256 file:

Contains a cryptographic hash of the agent cert or bundle
Enables tamper detection and reproducibility checks
Used in trace and audit flows for verifying historical integrity

Symlink Logic¶

Dokugent automatically maintains symlinks for agent folders:

latest/ → Points to the most recently certified version
current/ → Points to the actively loaded working draft

This allows the CLI and downstream systems to load the correct agent version without hardcoding paths.

Trust Layer Vision¶

Dokugent treats agents as digital contracts:

Everything is versioned
Everything is signed
Nothing is deployed without trace or review

Future enhancements may include:

Certificate registries
Expiry and revocation metadata
Inter-agent trust references
Cross-signing between contributors

The goal is to make agent workflows transparent, auditable, and safe by default — even when LLMs are evolving rapidly.