const agent = await kavach.agent.create({
  name: "code-reviewer",
  type: "autonomous",
  permissions: [
    { resource: "mcp:github:*", actions: ["read"] },
    { resource: "mcp:slack:send", actions: ["execute"] },
  ],
});

const check = await kavach.authorize(agent.id, {
  action: "read",
  resource: "mcp:github:repos",
});
// => { allowed: true, auditId: "aud_..." }

Read the docs

MCP OAuth 2.1

MCP tool servers

Add standards-compliant OAuth 2.1 to your MCP servers.

import { mcpOAuthServer } from "kavachos/mcp";

const mcp = mcpOAuthServer({
  kavach,
  pkce: "S256",           // RFC 7636
  dynamicRegistration: true, // RFC 7591
  resourceIndicators: true,  // RFC 8707
});

// Hono / Express / Cloudflare Workers
app.use("/oauth/*", mcp.handler());

Read the docs

Audit + compliance

Compliance reports

Generate EU AI Act and SOC 2 reports from your audit trail.

const report = await kavach.compliance.report({
  standard: "eu-ai-act",
  from: "2025-01-01",
  to: "2025-12-31",
});

// => {
//   summary: { totalActions: 48203, denied: 12 },
//   agentInventory: [...],
//   riskAssessment: { level: "limited" },
//   exportUrl: "https://...",
// }

Read the docs

How it works

From install to authorized in 5 minutes

pnpm add kavachos

Framework

app/api/kavach/[...kavach]/route.ts

1// app/api/kavach/[...kavach]/route.ts

2import { createKavach } from 'kavachos';

3import { kavachNextjs } from '@kavachos/nextjs';

5const kavach = await createKavach({

6 database: { provider: 'sqlite', url: './kavach.db' },

7});

9export const { GET, POST } = kavachNextjs(kavach);

What developers are saying

Built by developers, for developers

“We replaced 2,000 lines of custom agent auth code with a single kavachos import. The delegation chains alone saved us a month.”

Sarah Kim

Platform Lead · Agentic Labs

“Auth0 wanted us to bolt agent identity onto user sessions. kavachOS treats agents as first-class citizens. That's the difference.”

Marcus Chen

CTO · NeuralOps

“The MCP OAuth 2.1 server just works. PKCE, dynamic registration, RFC compliance -- all handled. We shipped in a day.”

Priya Patel

Senior Engineer · ToolChain AI

“When our compliance team asked about EU AI Act readiness, I generated the report in one click. They were shocked.”

James Wright

VP Engineering · FinSecure

“Sub-50ms auth checks on Cloudflare Workers. Our agents authenticate faster than they can think.”

Alex Rivera

Infra Lead · EdgeFirst

Community

What developers are saying

“We were passing shared API keys between 6 agents. KavachOS gave each one its own identity with scoped permissions in an afternoon.”

Alex Chen

Lead Engineer, AI Startup

“The delegation chains are the killer feature. Our orchestrator agent can spin up sub-agents with exactly the permissions they need, nothing more.”

Priya Sharma

Platform Engineer

“Switched from Auth0 for the agent auth. Stayed because the MCP OAuth 2.1 implementation is better than anything I could have built.”

Marcus Wright

CTO, DevTools Company

“Three dependencies. Runs on Workers. Actually has tests. This is how auth libraries should be built.”

Sarah Kim

Staff Engineer

Pricing

Start free, scale as you grow

Every plan includes unlimited agents, MCP OAuth 2.1, and framework adapters.

Sanctuary

Free

1,000 MAU

$0forever

Get started

Unlimited agents
MCP OAuth 2.1 server
7 framework adapters
Audit log (7-day retention)
Community support
1 team member

Vanguard

Starter

10,000 MAU

$29/mo

Start free

Everything in Free
10,000 monthly active users
Audit log (30-day retention)
Trust scoring
Anomaly detection
Email support
5 team members

Popular

Centurion

Growth

50,000 MAU

$79/mo

Start free

Everything in Starter
50,000 monthly active users
Audit log (90-day retention)
Compliance reports (EU AI Act, SOC 2)
Budget controls
Privilege analyzer
Priority support
15 team members

Leviathan

Scale

200,000 MAU

$199/mo

Start free

Everything in Growth
200,000 monthly active users
Audit log (1-year retention)
All compliance frameworks
Custom trust scoring rules
SSO / SAML
Dedicated support
Unlimited team members

Full pricing details

Get started today

Start protecting your agents
in 5 minutes.

Open source SDK or managed cloud. One import, zero lock-in.

pnpm add kavachos

Get started free Star on GitHub

No credit card required · Free up to 1,000 MAU · Open source

Your agents needtheir own auth.

Built for production

Secure your AI agents

Every agent gets its own identity

Everything you need to ship agent auth

Every agent gets its own credentials

Standards-compliant OAuth 2.1

Agent-to-agent permission flow

Every action logged, every decision explained

Global edge, zero cold starts

Security is not a paid tier

From zero to production in one afternoon

Agentic workflows

MCP tool servers

Compliance reports

From install to authorized in 5 minutes

Built by developers, for developers

What developers are saying

Start free, scale as you grow

Free

Starter

Growth

Scale

Start protecting your agentsin 5 minutes.

Your agents need
their own auth.

Start protecting your agents
in 5 minutes.