Trust boundaries

Durable semantic memory, not an executor.

mdkg is intentionally local-first, low-dependency, and repo-owned. It helps agents understand work, produce deterministic context, and leave auditable handoffs without becoming a hosted memory service, execution runtime, or secret-scanning product.

Markdown remains authoritative

Graph nodes are Markdown and frontmatter in your repo. Indexes, packs, generated docs, and runtime SQLite files are rebuildable support artifacts.

Low dependency is a security posture

mdkg uses normal CLI tooling, Markdown, Git, modern Node, and local generated artifacts instead of a hosted index, daemon, vector database, or hidden cloud state.

mdkg does not execute work

Goals, tasks, packs, checkpoints, and handoffs guide a human or agent. Code execution, deployments, model calls, and provider actions happen outside mdkg.

No hosted memory requirement

The public alpha does not require a cloud account, hosted index, vector database, or background daemon to keep the graph usable.

Read-only MCP boundary

The local MCP server is an inspection surface for status, search, show, pack, goal, and validation workflows, not shell, environment, SQL, or broad mutation access.

Local queue boundary

Project DB queue commands model local delivery state with dedupe, leases, retry, dead-letter, and stats. They are not a hosted queue or canonical event ledger.

Safety warnings are not DLP

Raw-marker warnings, no-secret scans, and handoff sanitization are useful review aids. They do not replace code review, secret scanning, or repository policy.

Safe public-alpha posture

  • Keep raw secrets, tokens, private keys, provider payloads, and bulky runtime traces out of graph nodes, checkpoints, packs, and handoffs.
  • Keep npm tokens, private registry credentials, package-manager auth files, and deployment tokens out of mdkg graph nodes.
  • Review any generated handoff before pasting it into another agent or repository.
  • Use small pilot repos first, then move larger teams through upgrade dry-runs and validation.
  • Treat project DB, subgraph, import, and MCP workflows as advanced alpha surfaces until your repo has explicit tests around them.