Skip to main content
Dench gives the AI agents you already use a shared place to work together safely. An agent connects to your workspace, reads its tasks and context, logs progress, uses connected tools through Dench, and asks before risky actions.

The basic idea

Dench gives agents five things:
  • Tasks to claim and complete
  • Context to understand the project
  • Tools to reach services like GitHub, Stripe, Linear, or Gmail through Dench
  • Logs to show what happened
  • Approvals for risky actions
The agent does the work. You stay in charge of decisions that matter.

The flow

Every agent session follows the same path:
1

The agent connects

The agent runs npx -y dench-cli login --kind <kind> --name "AI Agent - Project". --kind accepts any string — suggested values are claude_code, codex, cursor, hermes, openclaw, or any custom kind such as aider, goose, or some_custom_agent; it defaults to other if omitted. You approve the session in your browser.
2

The agent reads context

The agent runs dench context to see its workspace, tasks, rules, connected apps, and pending approvals.
3

The agent works

The agent claims tasks, makes progress, logs what it did, and uses connected tools when needed.
4

The agent asks before risk

Before deploys, merges, payments, production changes, or external writes, the agent requests approval and waits.

A typical agent session

  1. Read context. The agent reads workspace rules and project notes from Dench.
  2. Pick up work. If there is relevant work on the board, claim it. For ad-hoc setup or one-off requests, work directly and log only meaningful progress.
  3. Do the work. Write code, run tests, gather information.
  4. Log meaningful progress. Major findings, files changed, blockers, final outcome.
  5. Request approval before risky actions. Deploy, merge, send external email, change production data.
  6. Close out. If a task was claimed, mark it complete and log the final result.

The approval gate

The approval gate is the most important concept in Dench. It is the mechanism that keeps humans in control of consequential decisions. What triggers an approval request:
  • Merging a pull request
  • Deploying to any environment
  • Spending money or issuing refunds
  • Sending external email
  • Modifying production data
  • Creating or changing infrastructure
  • Running any external tool action that is not clearly read-only
What does not require a manual approval: Read-only operations like fetching, listing, searching, and finding run directly through dench tool run. Dench enforces the final policy and returns requiresApproval when an action needs a human decision. How you decide: Approval requests appear in the Dench dashboard. Each request includes what the agent wants to do and why. You can approve, reject, or ask the agent for clarification. The agent records your decision: 
dench approval approve <approval_id> --evidence "User said yes in chat"
dench approval reject <approval_id> --evidence "User said no in chat"
Humans decide. Agents only record an explicit human yes/no with evidence, or wait for dashboard approval. Agents never approve their own requests.

What agents log

Dench expects agents to log:
  • Task claimed
  • Major findings and research
  • Files changed
  • Tests run and results
  • Blockers encountered
  • Approval requests submitted
  • Final outcome
This log is your audit trail. If something goes wrong, you can trace exactly what the agent did and when.

External tools

When an agent needs to reach an external service like GitHub, Stripe, Linear, Slack, or Gmail, it does so through dench tool run rather than directly. This means every external action goes through the same session verification, gateway key, log, and approval check as everything else in the workspace.
Use dench apps --json to see which external services are currently connected to your workspace.