memory & state
Postgres + Realtime + Storage for durable agent memory, files, and session state — same @supabase/supabase-js patterns you already use.
// supabase-shaped stack · agent-native ops
Secure deployment cloud for AI agents.
01 KRAPH 02 AI AGENT CLOUD 03 DEPLOY WITH TRUST.
- live backend + public URL
- persistent memory + encrypted secrets
- BYO model keys + x402 metering
Deploy AI agents with memory, tools, payments, and secure hosting. Bring your agent code, connect tools and model keys, and let kraph provision an isolated Postgres + APIs + functions + storage backend, encrypted env vars, and hooks for a public UI. Developers connect today via MCP; when you use paid tools, a wallet settles x402 USDC on Solana — no card on file for that path.
network.live
Under the hood: gateway placement, x402 settlement, encrypted replication, and attested nodes when you choose mainnet-tier hosting.
// network health
3
nodes responding · 2 regions
// fastest node rtt
—ms
live probe · min of pool
// gateway round-trip
—ms
parallel health checks
// attested capacity
1
AMD SEV-SNP node · live
01
everything an agent needs to run.
// runtime · not just a chat window
Serious agents need persistent memory, tool integrations, secrets, function logs and backend auditability, and a real backend — not a single API key in a notebook. Kraph provisions that data plane for agents like OpenClaw or Hermes that need durable state — and for your own runtimes — your code wires in; we don’t host arbitrary agent containers today. In-product templates are on the roadmap; everything rides the same Supabase-compatible surface.
tools & server logic
Deno edge functions next to your data, with encrypted env vars for API keys and connector credentials.
ship a surface
Pin static frontends to content-addressed storage so each agent can have a shareable URL or embed alongside its API.
agent-native payments
Optional wallet identity and x402 USDC on Solana meter infrastructure per tool call — no card on file when you deploy via MCP.
distributed hosting
Independent nodes host workloads with encrypted WAL replication; mainnet-tier placement can use AMD SEV-SNP attested hardware.
agent email
Inbound and outbound mail for auth flows, digests, notifications, and support — live for allowlisted team mailboxes via MCP today; broader self-serve access is planned as packaging matures.
02
developers: connect your agent
// mcp server or claude skill · pick key + network
The product experience we’re building is describe → connect tools → deploy → observe.
Today, MCP is the direct path: add the server in Claude Code, Cursor, or any compatible host, authenticate with a Solana wallet (local keypair or Privy),
call kraph_provision, and point your agent at the returned URLs and keys.
The Claude skill is the fallback when OAuth or /mcp setup is awkward — it runs the shell handshake and pins a bearer for you.
Paid tool calls settle on-chain in USDC via x402 — that is the metering rail for MCP today.
claude code · local · devnet
claude mcp add kraph -- npx -y @kraph/mcp-stdio \
--keypair ~/.config/solana/id.json \
--network devnet
// your keypair signs every x402 payment locally · nothing leaves your machine except the MCP requests
claude_desktop_config.json · local · devnet
{
"mcpServers": {
"kraph": {
"command": "npx",
"args": ["-y", "@kraph/mcp-stdio",
"--keypair", "~/.config/solana/id.json",
"--network", "devnet"]
}
}
}
// windows
%APPDATA%\Claude\claude_desktop_config.json
// macOS
~/Library/Application Support/Claude/claude_desktop_config.json
~/.cursor/mcp.json · local · devnet
{
"mcpServers": {
"kraph": {
"command": "npx",
"args": ["-y", "@kraph/mcp-stdio",
"--keypair", "~/.config/solana/id.json",
"--network", "devnet"]
}
}
}
~/.codeium/windsurf/mcp_config.json · local · devnet
{
"mcpServers": {
"kraph": {
"command": "npx",
"args": ["-y", "@kraph/mcp-stdio",
"--keypair", "~/.config/solana/id.json",
"--network", "devnet"]
}
}
}
claude code · local · mainnet
claude mcp add kraph -- npx -y @kraph/mcp-stdio \
--keypair ~/.config/solana/id.json \
--network mainnet-beta
// fund this wallet with mainnet USDC + a little SOL · $0.10 USDC per kraph_provision
claude_desktop_config.json · local · mainnet
{
"mcpServers": {
"kraph": {
"command": "npx",
"args": ["-y", "@kraph/mcp-stdio",
"--keypair", "~/.config/solana/id.json",
"--network", "mainnet-beta"]
}
}
}
~/.cursor/mcp.json · local · mainnet
{
"mcpServers": {
"kraph": {
"command": "npx",
"args": ["-y", "@kraph/mcp-stdio",
"--keypair", "~/.config/solana/id.json",
"--network", "mainnet-beta"]
}
}
}
~/.codeium/windsurf/mcp_config.json · local · mainnet
{
"mcpServers": {
"kraph": {
"command": "npx",
"args": ["-y", "@kraph/mcp-stdio",
"--keypair", "~/.config/solana/id.json",
"--network", "mainnet-beta"]
}
}
}
claude code · remote · devnet
$ claude mcp add --transport http kraph https://api.kraph.com/mcp
// first call opens a privy browser login · gateway signs payments via delegation on your behalf
claude_desktop_config.json · remote · devnet
{
"mcpServers": {
"kraph": {
"url": "https://api.kraph.com/mcp"
}
}
}
~/.cursor/mcp.json · remote · devnet
{
"mcpServers": {
"kraph": {
"url": "https://api.kraph.com/mcp"
}
}
}
~/.codeium/windsurf/mcp_config.json · remote · devnet
{
"mcpServers": {
"kraph": {
"serverUrl": "https://api.kraph.com/mcp"
}
}
}
claude code · remote · mainnet
$ claude mcp add --transport http kraph https://api-mainnet.kraph.com/mcp
claude_desktop_config.json · remote · mainnet
{
"mcpServers": {
"kraph": {
"url": "https://api-mainnet.kraph.com/mcp"
}
}
}
~/.cursor/mcp.json · remote · mainnet
{
"mcpServers": {
"kraph": {
"url": "https://api-mainnet.kraph.com/mcp"
}
}
}
~/.codeium/windsurf/mcp_config.json · remote · mainnet
{
"mcpServers": {
"kraph": {
"serverUrl": "https://api-mainnet.kraph.com/mcp"
}
}
}
claude code · skill install
# core skill — handles oauth + pins the bearer into mcp config
git clone https://github.com/piske-alex/kraph-skill.git \
~/.claude/skills/kraph
chmod +x ~/.claude/skills/kraph/scripts/*.sh
# optional: email skill (send / receive at @kraph.com via mcp tools)
git clone https://github.com/piske-alex/kraph-email-skill.git \
~/.claude/skills/kraph-email
// restart claude code · then ask: "set up kraph" — the skill walks oauth, exchanges for a 24h bearer, and pins it via `claude mcp add --header`
claude desktop · skill install
# macOS / Linux
git clone https://github.com/piske-alex/kraph-skill.git \
~/.claude/skills/kraph
chmod +x ~/.claude/skills/kraph/scripts/*.sh
# optional: email skill
git clone https://github.com/piske-alex/kraph-email-skill.git \
~/.claude/skills/kraph-email
// windows
%USERPROFILE%\.claude\skills\kraph
// restart desktop · then ask: "set up kraph"
A
authentication
Kraph authenticates via your Solana wallet, not a cloud billing profile. Two modes, both handled automatically:
-
SIWS — agent signs a challenge message with a local
Solana keypair. Three tool calls:
kraph_auth_challenge→ sign →kraph_auth_verify. Session token valid for 30 minutes. - Privy OAuth — for agents without a local keypair. Sign in with email once, get a Privy server wallet, and avoid card or KYC setup. The gateway can sign x402 payments on behalf of that wallet through the delegation flow.
Paid tool calls settle via x402 on Solana.
The gateway returns 402 Payment Required with
the tool's price in USDC; your client's x402-fetch wrapper signs and
retries automatically. The result is metered infrastructure without a
card processor sitting between the agent and the app it is trying to ship.
B
compatibility
Kraph runs the unmodified official Supabase Docker stack under the hood — same Postgres 15, same PostgREST, same GoTrue auth, same Realtime, same Storage API, same Edge Runtime (Deno/TypeScript), same JWT format, same Studio dashboard.
That means the full compat surface works out of the box:
@supabase/supabase-js,
PostgREST clients, supabase-py, supabase-dart, Studio, the
supabase CLI, the Supabase Edge Functions
runtime, the S3-compatible Storage API, standard
ENV-var semantics for functions,
pg_dump / pg_restore,
and every RLS policy you've already written.
Migrating an existing full-stack app is a few env-var changes:
- Call
kraph_provision→ get a new URL + anon key + service role key pg_dumpsource db →pg_restoreinto the new instancekraph_deploy_functionyour edge functions ·kraph_set_envfor secrets · upload buckets to Storage- Update
SUPABASE_URL/SUPABASE_ANON_KEYand redeploy (orkraph_pin_frontendthe built static bundle to IPFS)
Kraph is an independent open-source project, not affiliated with or endorsed by Supabase Inc. — but because it orchestrates the same open-source components those projects use, the SDKs work unchanged. For ad-hoc agent use, no migration at all: Kraph just sits alongside your existing infra as another tool.
03
from idea to running agent
// four steps · MCP automates the heavy lifting
-
01 describe you
define what the agent does and who it serves
Start from your own agent design (research, support, ops, coding assistant) or patterns you already run locally. Agent templates in-product are on the roadmap — today you describe behavior and wire your stack, then provision the backend via MCP. Capture triggers, guardrails, and the data the agent is allowed to touch before it ever hits production.
examples: your agent code · MCP · kraph_provision -
02 connect tools
wire tools, APIs, and model access
Plug in calendars, email, CRMs, internal HTTP APIs, or data stores. Bring your own Claude, OpenAI, Gemini, or OpenAI-compatible endpoint. Hosted model billing from kraph is not required — it may arrive later for teams who want one invoice. Secrets land in encrypted env vars, not in prompt text.
BYO API keys · scoped function env · least privilege -
03 deploy < 15 s
provision an isolated backend and go live
Through MCP, kraph places a full Supabase-compatible stack — Postgres, PostgREST, Kong, GoTrue, Realtime, Storage, Studio, Edge Functions — plus IPFS hooks for static UI. You get URLs, keys, and function runtime without stitching vendors by hand. Advanced: authenticate with a Solana wallet, pay per tool call with x402 USDC on Solana, and route to attested hardware on mainnet when you need it.
id: agvxmi1rhdsk url: your instance endpoint studio_url: studio dashboard -
04 observe always on
inspect state, logs, payments, and durability
Production agents need visibility into what changed and what you paid for. Today you get Postgres state, edge function logs, stored artifacts, the live x402 payment feed, and node health signals — plus encrypted WAL replication so replicas hold ciphertext, not your business logic. Deeper per-run timelines and cost attribution are on the roadmap.
replicas: ovh-ca · gcp-us (SEV-SNP attested path) integrity: per-segment hash chain · encrypted off-node
04
plans for builders & teams.
// SaaS-style plans planned · live today: MCP + x402 on paid tools
The Free / Builder / Pro / Team cards describe planned monthly packaging. Live now: provision and meter through MCP with x402 USDC on paid tools; devnet and mainnet networks are below. Exact limits and self-serve checkout will land in the console as hosted plans roll out.
free
$0
/ mo
try the stack
For solo builders validating an agent on shared dev infrastructure. Bring your own model keys; pay only metered usage where applicable.
- ✓ one active project
- ✓ BYO LLM / tool API keys
- ✓ community support channel
- — production SLAs not implied
builder
$29
/ mo
ship real agents
Multiple agents, higher limits, and room for scheduled or long-running workloads. Ideal for founders and small teams shipping customer-facing assistants.
- ✓ higher concurrency & storage
- ✓ structured logs & run history
- ✓ email support
pro
$79
/ mo
production posture
Priority placement, stricter isolation, and features for compliance-minded teams — including attested hardware when you opt into mainnet-tier routing.
- ✓ priority support
- ✓ advanced secrets & environment controls
- ✓ optional dedicated capacity conversations
team
custom
· annual
org-wide rollout
SSO, shared workspaces, audit exports, and procurement-friendly billing. We’ll map your agents to the right regions and attestation profile.
- ✓ security review & DPA path
- ✓ volume pricing for usage
- ✓ success engineer
// developer networks · same protocol
Solana devnet vs mainnet (MCP today)
When you install the MCP client below you pick devnet for faucet USDC and fast iteration, or mainnet for real USDC and attested SEV-SNP placement on eligible nodes.
devnet
$0
/ faucet
for hacking
Pay with devnet USDC from the faucet. Any available node. Mock TEE. Ephemeral instances. No card, no KYC, low-risk playground.
- ✓ free devnet USDC (faucet)
- ✓ no credit card · no KYC
- ✓ drop-in for
@supabase/supabase-js - ✓ edge functions · object storage · static hosting · encrypted env
- ✓ encrypted WAL replication
- ✓ x402 paid tool calls
- — mock TEE · no attestation
- — instances paused after 24h
// network
solana:devnet
mainnet
$0.10
/ provision
for production
Real USDC on Solana mainnet. TEE-verified nodes only — eligible nodes prove they run inside an AMD SEV-SNP enclave before the gateway places production workloads on them.
- ✓ mainnet USDC · real payments
- ✓ wallet account · no card processor
- ✓ drop-in for
@supabase/supabase-js - ✓ edge functions · object storage · static hosting · encrypted env
- ✓ encrypted WAL replication
- ✓ AMD SEV-SNP attestation on qualified nodes
- ✓ measurement verification per placement
// network
solana:mainnet-beta
// migrate
devnet → mainnet
Three steps, same tooling. Your agent, your keys, your data.
-
→
kraph_exportyour devnet instance pg_dump + encrypted WAL archive -
→
Flip
KRAPH_SOLANA_NETWORK=solana:mainnet-betaon the client · nothing else changes -
→
kraph_provision+kraph_restorenew instance is attested · same schema · same data
05
operations, transparent
// live gateway · node health · settlements · attestation signals
kraph · ops.dashboard
● live
--:--:--
nodes
live · 3
ovh-ca-a
167.114.159.161
mock TEE
—
—
ovh-ca-b
167.114.159.161:3403
mock TEE
—
—
gcp-us-c
SEV-SNP
34.136.139.100
real AMD SEV-SNP
—
—
WAL replication
benchmark · not live
ovh-a → ovh-b
0 ms lag
ovh-a → gcp-c
31 ms lag
ovh-b → gcp-c
31 ms lag
segments18
shipped18
entropy8.00
payment feed
live · x402 ring buffer
- 03:49:26 kraph_provision $0.100 2pjuY6…xsVPM
- 02:14:12 kraph_query $0.001 e5QVNh…4dJfS
- 19:38:44 kraph_provision $0.100 3GhaTG…YtVsPM
total instances
4
total volume
$0.307
attestations
1184b
06
run infrastructure for the agent cloud.
// supply-side · compliance-first framing
Kraph is growing a network of independent nodes that host agent backends with encrypted replication and optional hardware attestation. Approved operators are paid monthly in USDC for verified infrastructure services delivered: compute, storage, bandwidth, uptime, region coverage, and attested capacity where applicable.
Operator onboarding may require identity or business verification, sanctions screening, tax documentation where required, and agreement to service levels. Payouts are vendor payments for infrastructure supplied to the network.
Interested in running capacity? Reach out with your region, hardware profile, and whether you can meet SEV-SNP attestation requirements — we’ll share the current operator playbook as it matures.
07
why this matters
// answers to the obvious objections
Q. How is this different from Lovable, Base44, or other app builders?
Visual app builders optimize for pages and UI. Kraph is for autonomous agents that need durable memory, tools, encrypted secrets, and a real Postgres-backed surface — the persistent loop and data plane, not only the front end.
Q. What about Lindy, Zapier Agents, n8n, or enterprise agent platforms?
Workflow tools excel at triggers and SaaS glue. Kraph gives each workload a Supabase-compatible stack you control — Postgres, functions, storage, auth — plus decentralized placement and optional AMD SEV-SNP attestation on mainnet-tier nodes. Pick kraph when the agent needs its own database and server logic, not only chained steps.
Q. Can I bring my own LLM API keys?
Yes — that’s the default path. Store keys in function-scoped secrets via kraph_set_env, never in prompts; grant each tool the minimum access it needs and rotate keys on a schedule.
Optional hosted inference from kraph may arrive later for teams who want one invoice — it is not required today.
Q. How are API keys and third-party tokens protected?
Use function-scoped env vars via kraph_set_env — encrypted at rest on the node. On mainnet SEV-SNP nodes, plaintext only exists briefly inside the attested enclave when applied to the runtime.
Still follow least privilege: rotate keys, scope tools, and audit what each agent is allowed to call.
Q. Can I deploy OpenClaw, Hermes, or another open-source agent?
That integration shape is a core direction: you keep the agent runtime you trust; kraph supplies the Supabase-compatible backend, storage, secrets, and hosting hooks.
Packaging varies by upstream project — today you wire provisioning through MCP (kraph_provision) and connect your agent to the returned URLs and keys; curated templates are on the roadmap.
Q. Do I need crypto as an end user?
Public end users may not need crypto later if you ship hosted billing on top. Developers using MCP today use a Solana wallet (or Privy) so USDC can settle x402 invoices for paid tools — that’s the crypto touchpoint now. Hosted plans may abstract billing so day-to-day users never manage a wallet while the protocol stays underneath.
Q. How do node operators get paid?
Approved operators receive monthly USDC vendor payments for verified infrastructure — compute, storage, bandwidth, uptime, region, and attestation tier where applicable. Commercial terms include a platform fee and service-level adjustments when agreed targets are not met. This is compensation for services rendered, not a token, stake, or investment product.
Q. Why does this need Solana?
Solana gives Kraph three things a normal cloud does not: wallet identity, low-cost USDC settlement, and a programmable registry for node operators. That lets an agent pay for one infrastructure action at a time through x402, without creating a billing account or trusting a subscription platform to meter usage later.
Q. Where does the DePIN part show up?
The infrastructure is supplied by independent nodes, not one hosted database vendor. Kraph coordinates placement, payment, encrypted WAL replication, and attestation checks so those nodes can behave like a cloud network while still exposing the familiar Postgres/Supabase developer surface.
Q. Isn't a distributed database impossible with CAP?
Kraph isn't a distributed database. Each agent gets a single Postgres on one node — full ACID, single writer, same consistency as any self-hosted Postgres cluster. The decentralized part is placement, payment, and encrypted backups. There's no cross-node query, no consensus, no CAP tradeoff.
Q. What if a node dies?
Every WAL segment is encrypted (ChaCha20-Poly1305) and shipped to 2+ replicas in different regions. If the primary fails, the gateway reassigns to a replica, the agent provides the DEK, and Postgres replays from the encrypted backup. Operator agreements define reliability expectations and remedies.
Q. Is this actually fast?
Hosted Postgres platforms typically take 2–5 minutes to spin up a new project, and free tiers pause idle instances which adds another 1–3 minute wake-up. Kraph's cold start is ~15 seconds end-to-end and the paid tool call returns in 8 ms. Query latency is whatever Postgres + PostgREST give you on the host (11 k TPS / ~10 ms REST in our benchmarks).
Q. What do you mean by privacy-first hosting?
Kraph does not need the normal cloud billing identity layer. There is no credit-card form, no KYC flow, and no subscription account to create — access is tied to a Solana wallet, and paid tool calls settle through x402 USDC payments.
That means billing is pseudonymous rather than card-based. Solana transactions are public, so Kraph does not promise invisible payments; the point is that agents can rent infrastructure without handing over a personal billing profile, while workload data is protected separately by encrypted replication and mainnet-tier attestation.
Q. Can the node operator read my data?
On mainnet (SEV-SNP): no. The Postgres process runs
inside an AMD enclave whose memory is encrypted at the hardware level.
Every placement is verified against a fresh attestation report from
/dev/sev-guest. On devnet the operator
technically could, which is why devnet is for development only.
Q. How do secrets and env vars get handled?
kraph_set_env stores env vars scoped to edge
functions — per-instance, encrypted at rest
in the node's SQLite (ChaCha20-Poly1305 under the same per-instance
DEK that encrypts WAL), TLS in transit. Rows on disk are always
enc-v1:<base64(nonce‖ciphertext+tag)> —
a sqlite3 .dump never yields plaintext.
On mainnet (SEV-SNP) nodes the plaintext only
materializes inside the enclave when writing to the functions
container .env file: hardware-encrypted memory means the
operator cannot read it even with root. On devnet the
operator running the node process can still read values from process
memory during the brief decrypt-and-apply window — use mainnet if you
need real confidentiality. Setting or unsetting restarts only the
functions container (~1-2s, via
docker compose up --force-recreate --no-deps functions).
Postgres and every other service stay untouched. Listing via
kraph_list_env returns keys and SHA-256
fingerprints by default; pass include_values=true
to retrieve plaintext.