When developer guyweissman started scaling his AI agent workflows, he ran headfirst into Git's ceiling. As detailed in a new Hacker News post, the problem isn't that Git is bad—it's that Git was designed for human-speed collaboration on code, not autonomous agents hammering away at shared files simultaneously. The result: repo-level permissions that expose everything to anyone with push access, write conflicts between agents modifying completely different files because conflict detection happens at the repository level, and no way to subscribe to changes without polling. AgentStore is his answer—a self-hosted datastore purpose-built for multi-agent environments where speed, security, and real-time awareness actually matter.

Why Git Breaks Down With AI Agents

The core tension is timing. Git's conflict resolution operates at the repo level, meaning if Alice's agent pushes a.md while Bob's agent is pushing b.md, Bob's push gets rejected—not because of actual conflicts, but because both touched the same repository. As agent teams grow and work in parallel, this artificial serialization becomes a bottleneck that compounds with every additional agent. Beyond collisions, there's permission granularity: giving a research agent read access to /customers/sanitized means it also gets eyes on everything else in the repo unless you architect around it manually. Cloud platforms like Notion or Google Drive solve some of these problems but lock you into proprietary formats and vendor control—exactly what you don't want when your agents' memory is at stake.

Key Features That Set AgentStore Apart

AgentStore implements file-level optimistic concurrency control, meaning each push only fails if files actually overlap. Bob pushing b.md never gets blocked by Alice pushing a.md because the server checks conflicts per-file rather than per-repo. Real-time events come via WebSocket—subscribe to a path with store watch and get file.created, file.modified, file.deleted, or commit.pushed without polling. Authentication uses Ed25519 keypairs where the private key never leaves your machine—no passwords, no server-minted secrets, every request cryptographically signed. Storage is transparent: SQLite for metadata (commits, grants, principals), content-addressed objects/ using SHA-256 in a git-compatible layout so you can inspect, export, or migrate without proprietary tooling.

Installation and Agent Integration

The project ships as a single static binary installable via Homebrew on macOS/Linux, direct download from GitHub releases, or go install. For solo work, run store server start --data-dir ~/.agentstore/server-data & for a local instance in seconds. Agents get first-class support: Claude Code users can install directly as a plugin with /plugin marketplace add guyweissman/agentstore and the skill walks assistants through setup, read/write workflows, and error handling without humans in the loop. The exportable SKILL.md works across any LLM runtime that reads markdown instructions, making AgentStore genuinely agent-native rather than bolted on as an afterthought.

Permissions Model and Use Cases

Grants are hierarchical and immediate—store grant research-agent read /customers/sanitized/* gives exactly that access with no exposure to /finance or other paths. Revokes are retroactive: a removed principal loses access to history, not just future commits. This enables secure multi-agent workspaces where each agent operates on least-privilege principles enforced by the server rather than convention. The watch + log --cursor workflow powers reactive knowledge graphs: subscribe to source paths, receive events when files change, then fetch only the delta between your last cursor and now—no full re-scans, no polling loops.

Current Scope and Limitations

Version 0.1 is intentionally constrained: text-only files (.md, .txt, .json, .yaml, .toml, .csv), 100KB max file size, 1GB max repo size, macOS/Linux only on amd64 and arm64. These aren't fundamental limits but deliberate scope for a solid v1—adding binary support or bumping storage ceilings are future concerns once the core workflow is battle-tested.

The Bottom Line

Git served us well when chatbots needed somewhere to store prompts, but agent teams have outgrown what a tool designed for human code review can provide. AgentStore doesn't throw away versioning or portability—it builds on them while solving the problems that emerge when your collaborators run at machine speed and need fine-grained access controls you can't fake with .gitignore hacks. If you're running multiple agents against shared state today, this is worth spinning up. MIT licensed, single binary, zero vendor lock-in—what's not to like?