v0.1.0
// Forge builder · full stack hosting · DePIN nodes // solana · x402 when you provision via MCP synced

// confidential-oriented hosting · supabase-shaped stack

A secure all-in-one cloud for AI apps and agents.

01 KRAPH 02 SECURE AI CLOUD 03 BUILD HOST PROTECT

Kraph is built for confidential AI hosting: encrypted env vars and WAL replication, wallet-metered infrastructure via x402 USDC on Solana, and AMD SEV-SNP attested placement on eligible mainnet-tier nodes — not only a database or a UI generator. Use Forge to build in the browser, or MCP to provision from your own tools; the same stack underneath. The goal is to minimize routine platform and operator exposure to your API keys and sensitive config, especially in production (see security).

build with Forge how Kraph works
network.live

Under the hood: gateway placement, x402 settlement, encrypted replication, and attested nodes when you choose mainnet-tier hosting.

// network health
3
nodes responding · 2 regions
// fastest node rtt
ms
live probe · min of pool
// gateway round-trip
ms
parallel health checks
// attested capacity
1
AMD SEV-SNP node · live
01
what is kraph?
// one platform · four ways in

Kraph is a secure all-in-one cloud for AI apps and agents: you get a real backend (database, auth, APIs, storage, functions, logs, static hosting) with encrypted secrets, optional x402 USDC metering, and a network of independent nodes with hardware-attested capacity for production.

01[f]

Forge

In-browser builder (Lovable/Base44-style): ship UI and logic onto the same hosted stack — no need to wire an external LLM IDE first.

02[k]

Kraph cloud

Postgres, Auth, Realtime, Storage, Edge Functions, Studio, IPFS hooks — the pieces you expect from a modern backend, orchestrated per project.

03[m]

MCP

Agents and developer tools call kraph_provision and related tools to create infrastructure programmatically, with per-call settlement via x402 when applicable.

04[n]

Node network

Independent operators supply compute and storage; the protocol handles placement, payments, encrypted WAL replication, and attestation checks.

why now

  • AI products need backend state, server logic, and secure secrets - not only UI generation.
  • Classic hosted clouds prioritize human billing accounts and broad control-plane visibility.
  • Kraph combines Forge, MCP, x402, and independent node supply in one stack.
02
everything an AI product needs to ship.
// database · auth · functions · hosting · payments

Concrete outputs, not platform abstractions: Postgres, Auth, Storage, Edge Functions, Realtime, IPFS, and encrypted env vars for third-party keys. Build with Forge or provision from code via MCP; Kraph remains an independent project, not affiliated with Supabase Inc.

live 01

memory & state

Postgres + Realtime + Storage for durable agent memory, files, and session state — same @supabase/supabase-js patterns you already use.

live 02

tools & server logic

Deno edge functions next to your data, with encrypted env vars for API keys and connector credentials.

live 03

ship a surface

Pin static frontends to content-addressed storage so each agent can have a shareable URL or embed alongside its API.

live 04

agent-native payments

Optional wallet identity and x402 USDC on Solana meter infrastructure per tool call — no card on file when you deploy via MCP.

live 05

distributed hosting

Independent nodes host workloads with encrypted WAL replication; mainnet-tier placement can use AMD SEV-SNP attested hardware.

team beta 06

agent email

Inbound and outbound mail for auth flows, digests, notifications, and support — live for allowlisted team mailboxes via MCP today; broader self-serve access is planned as packaging matures.

03
Forge: build on Kraph.
// browser builder · Lovable/Base44-style flow · your stack underneath

Forge is Kraph’s in-browser builder: describe what you want, iterate on UI and logic, and ship to the same Postgres + APIs + functions + storage + encrypted env surface the network provisions. It is for teams that want a hosted builder instead of wiring everything from an external LLM IDE first.

Model choice is yours: use the built-in assistant in Forge today, or bring your own provider keys (e.g. Claude, OpenAI / Codex, or compatible endpoints) as we roll out BYO-key support - stored as scoped secrets, not pasted into prompts.

01

browser builder

Design UI and flow quickly, then deploy without switching stacks.

02

same hosted stack

Build path and MCP path land on the same backend primitives.

03

BYO model keys

Bring your own providers while keeping secrets scoped and encrypted.

open Forge use MCP instead
04
developers: connect your stack
// mcp server or claude skill · pick key + network

Prefer a hosted builder? Start with Forge. Prefer your own editor and agents? Use MCP here. Today, MCP is the developer path: authenticate with a Solana wallet, call kraph_provision, and connect your app to returned URLs and keys.

  • Works in Claude Code, Cursor, Windsurf, and compatible hosts.
  • Claude skill fallback handles OAuth when /mcp setup is awkward.
  • Paid tool calls settle in USDC via x402.
claude code · local · devnet 
claude mcp add kraph -- npx -y @kraph/mcp-stdio \
  --keypair ~/.config/solana/id.json \
  --network devnet
// your keypair signs every x402 payment locally · nothing leaves your machine except the MCP requests
A authentication

Kraph authenticates via your Solana wallet, not a cloud billing profile. Two modes, both handled automatically:

  1. SIWS — agent signs a challenge message with a local Solana keypair. Three tool calls: kraph_auth_challenge → sign → kraph_auth_verify. Session token valid for 30 minutes.
  2. Privy OAuth — for agents without a local keypair. Sign in with email once, get a Privy server wallet, and avoid card or KYC setup. The gateway can sign x402 payments on behalf of that wallet through the delegation flow.

Paid tool calls settle via x402 on Solana. The gateway returns 402 Payment Required with the tool's price in USDC; your client's x402-fetch wrapper signs and retries automatically. The result is metered infrastructure without a card processor sitting between the agent and the app it is trying to ship.

B compatibility

Kraph runs the unmodified official Supabase Docker stack under the hood — same Postgres 15, same PostgREST, same GoTrue auth, same Realtime, same Storage API, same Edge Runtime (Deno/TypeScript), same JWT format, same Studio dashboard.

That means the full compat surface works out of the box: @supabase/supabase-js, PostgREST clients, supabase-py, supabase-dart, Studio, the supabase CLI, the Supabase Edge Functions runtime, the S3-compatible Storage API, standard ENV-var semantics for functions, pg_dump / pg_restore, and every RLS policy you've already written.

Migrating an existing full-stack app is a few env-var changes:

  1. Call kraph_provision → get a new URL + anon key + service role key
  2. pg_dump source db → pg_restore into the new instance
  3. kraph_deploy_function your edge functions · kraph_set_env for secrets · upload buckets to Storage
  4. Update SUPABASE_URL / SUPABASE_ANON_KEY and redeploy (or kraph_pin_frontend the built static bundle to IPFS)

Kraph is an independent open-source project, not affiliated with or endorsed by Supabase Inc. — but because it orchestrates the same open-source components those projects use, the SDKs work unchanged. For ad-hoc agent use, no migration at all: Kraph just sits alongside your existing infra as another tool.

05
from idea to running product
// four steps · Forge or MCP
  1. 01 describe you

    define what you’re building and who it serves

    Start from an AI app, assistant, or automation you want in production. Use Forge to iterate in the browser, or sketch in your own tools. Capture triggers, guardrails, and the data the product is allowed to touch before it hits production.

    paths: Forge · your codebase · MCP · kraph_provision
  2. 02 connect tools

    wire tools, APIs, and model access

    Plug in calendars, email, CRMs, internal HTTP APIs, or data stores. Bring your own Claude, OpenAI, Gemini, or OpenAI-compatible endpoint. Hosted model billing from kraph is not required — it may arrive later for teams who want one invoice. Secrets land in encrypted env vars, not in prompt text.

    BYO API keys · scoped function env · least privilege
  3. 03 deploy < 15 s

    provision an isolated backend and go live

    Through MCP, kraph places a full Supabase-compatible stack — Postgres, PostgREST, Kong, GoTrue, Realtime, Storage, Studio, Edge Functions — plus IPFS hooks for static UI. You get URLs, keys, and function runtime without stitching vendors by hand. Advanced: authenticate with a Solana wallet, pay per tool call with x402 USDC on Solana, and route to attested hardware on mainnet when you need it.

    id: agvxmi1rhdsk url: your instance endpoint studio_url: studio dashboard
  4. 04 observe always on

    inspect state, logs, payments, and durability

    Production workloads need visibility into what changed and what you paid for. Today you get Postgres state, edge function logs, stored artifacts, the live x402 payment feed, and node health signals — plus encrypted WAL replication so replicas hold ciphertext, not your business logic. Deeper per-run timelines and cost attribution are on the roadmap.

    replicas: ovh-ca · gcp-us (SEV-SNP attested path) integrity: per-segment hash chain · encrypted off-node
06
pick a network
// devnet for iteration · mainnet for production · same MCP flow

When you connect via MCP, you choose devnet (faucet USDC, fast iteration, mock TEE) or mainnet (real USDC, SEV-SNP attested nodes for eligible placement). Forge and your app use the same stack either way; billing and trust assumptions differ.

// developer networks · same protocol

Solana devnet vs mainnet (MCP today)

devnet
$0 / faucet

for hacking

Pay with devnet USDC from the faucet. Any available node. Mock TEE. Ephemeral instances. No card, no KYC, low-risk playground.

  • free devnet USDC (faucet)
  • no credit card · no KYC
  • drop-in for @supabase/supabase-js
  • edge functions · object storage · static hosting · encrypted env
  • encrypted WAL replication
  • x402 paid tool calls
  • mock TEE · no attestation
  • instances paused after 24h
start free
// network solana:devnet
mainnet
$0.10 / provision

for production

Real USDC on Solana mainnet. TEE-verified nodes only — eligible nodes prove they run inside an AMD SEV-SNP enclave before the gateway places production workloads on them.

  • mainnet USDC · real payments
  • wallet account · no card processor
  • drop-in for @supabase/supabase-js
  • edge functions · object storage · static hosting · encrypted env
  • encrypted WAL replication
  • AMD SEV-SNP attestation on qualified nodes
  • measurement verification per placement
go mainnet
// network solana:mainnet-beta
// migrate

devnet → mainnet

Three steps, same tooling. Your app, your keys, your data.

  1. kraph_export your devnet instance pg_dump + encrypted WAL archive
  2. Flip KRAPH_SOLANA_NETWORK=solana:mainnet-beta on the client · nothing else changes
  3. kraph_provision + kraph_restore new instance is attested · same schema · same data
07
confidential by design
// encrypted secrets · encrypted replication · attested production
01

encrypted secrets

Function env vars are encrypted at rest with per-instance keys and only applied at runtime.

02

encrypted replication

WAL segments are encrypted for replication so replicas store ciphertext, not application plaintext.

03

attested nodes

Eligible mainnet placement can run on AMD SEV-SNP hardware with fresh measurement checks.

Compared with typical hosted platforms, Kraph aims to reduce routine exposure of API keys and sensitive env. The gateway remains part of the trust boundary for orchestration and tooling flows; see the whitepaper.

devnet is not confidential - use mainnet and attested nodes for stronger confidentiality goals.

08
network status, transparent
// live gateway · node health · settlements · attestation signals
kraph · live.status
● live --:--:--
nodes live · 3
ovh-ca-a
167.114.159.161
mock TEE
ovh-ca-b
167.114.159.161:3403
mock TEE
gcp-us-c SEV-SNP
34.136.139.100
real AMD SEV-SNP
WAL replication benchmark · not live
ovh-a → ovh-b
0 ms lag
ovh-a → gcp-c
31 ms lag
ovh-b → gcp-c
31 ms lag
segments18
shipped18
entropy8.00
payment feed live · x402 ring buffer
  • 03:49:26 kraph_provision $0.100 2pjuY6…xsVPM
  • 02:14:12 kraph_query $0.001 e5QVNh…4dJfS
  • 19:38:44 kraph_provision $0.100 3GhaTG…YtVsPM
total instances
4
total volume
$0.307
attestations
1184b
09
run verified capacity for Kraph
// supply-side · compliance-first framing

Kraph is growing an independent operator network that supplies compute, storage, and bandwidth for customer workloads.

01

what you provide

Verified infrastructure capacity: compute, storage, bandwidth, uptime, region coverage, and optional attested hardware.

02

how payouts work

Approved operators are paid monthly in USDC as vendor payments for delivered services.

03

compliance & next step

Onboarding may require identity checks, tax documentation, and service-level agreements. Share region, hardware profile, and SEV-SNP readiness.

contact · operator inquiries

10
why this matters
// answers to the obvious objections
vs other tools

Q. How is this different from Vercel or Supabase?

Vercel and Supabase are strong hosted developer platforms. Kraph targets the same shipping loop (frontend + backend + auth + data), but adds Forge + MCP for AI-native workflows, x402 USDC metering for autonomous provisioning, a node operator network, and a confidential-production posture: encrypted secrets at rest, encrypted WAL replication, and SEV-SNP attested placement on eligible mainnet nodes. Kraph orchestrates the open-source Supabase stack for compatibility, but it is an independent project — not affiliated with Supabase Inc.

Q. What is Forge?

Forge is Kraph’s in-browser builder: a Lovable/Base44-style way to iterate on an AI app while targeting the same Postgres, Auth, Storage, Functions, and secrets surface you get from the network. You can open it at forge.kraph.com/build.

Q. Is Kraph a Supabase competitor?

Kraph is not Supabase, but it is Supabase-compatible by orchestrating the same open-source components many teams already use. The differentiation is the bundle: AI builder + agent provisioning + stablecoin-metered tool calls + encrypted replication + decentralized placement + attested hardware options.

Q. Can Kraph or node operators read my API keys and secrets?

Function secrets are encrypted at rest on the node and applied to the runtime when needed. On mainnet SEV-SNP nodes, the design goal is for plaintext to exist only inside the attested enclave during apply, not for operators to read from ordinary host memory. On devnet, assume operators could observe values during brief decrypt windows — devnet is for iteration, not confidentiality. Separately, the gateway remains part of the trust model for orchestration and some tooling paths; see the whitepaper for details.

security & secrets

Q. How is this different from Lovable, Base44, or other app builders?

Tools like Lovable and Base44 excel at fast UI generation. Kraph adds Forge for that builder-style flow, then backs it with the same production stack you get from the network: Postgres, auth, realtime, storage, edge functions, encrypted secrets, optional x402 USDC metering via MCP, encrypted replication, and independent operator nodes — not only a generated front end.

Q. What about Lindy, Zapier Agents, n8n, or enterprise agent platforms?

Workflow tools excel at triggers and SaaS glue. Kraph gives each workload a Supabase-compatible stack you control — Postgres, functions, storage, auth — plus decentralized placement and optional AMD SEV-SNP attestation on mainnet-tier nodes. Pick kraph when the agent needs its own database and server logic, not only chained steps.

Q. Can I bring my own LLM API keys?

Yes — that’s the default path for backend and functions: store keys in function-scoped secrets via kraph_set_env, never in prompts; grant each tool the minimum access it needs and rotate keys on a schedule. Forge is adding BYO provider keys for people who want Claude, OpenAI / Codex, or compatible endpoints instead of the built-in assistant. Optional hosted inference from kraph may arrive later for teams who want one invoice — it is not required today.

Q. How are API keys and third-party tokens protected?

Use function-scoped env vars via kraph_set_env — encrypted at rest on the node. On mainnet SEV-SNP nodes, plaintext only exists briefly inside the attested enclave when applied to the runtime. Still follow least privilege: rotate keys, scope tools, and audit what each agent is allowed to call.

Q. Can an existing app or agent use Kraph?

Yes. Kraph is the backend and hosting layer: you connect your app, automation, or agent tooling to the provisioned URLs and keys. Today you typically wire provisioning through MCP (kraph_provision) or build with Forge; swap env vars and SDK endpoints like any Supabase-shaped project.

Q. Do I need crypto as an end user?

Public end users may not need crypto later if you ship hosted billing on top. Developers using MCP today use a Solana wallet (or Privy) so USDC can settle x402 invoices for paid tools — that’s the crypto touchpoint now. Hosted billing products may abstract wallets so day-to-day users never manage one while the protocol stays underneath.

Q. How do node operators get paid?

Approved operators receive monthly USDC vendor payments for verified infrastructure — compute, storage, bandwidth, uptime, region, and attestation tier where applicable. Commercial terms include a platform fee and service-level adjustments when agreed targets are not met. This is compensation for services rendered, not a token, stake, or investment product.

Q. Why does this need Solana?

Solana gives Kraph three things a normal cloud does not: wallet identity, low-cost USDC settlement, and a programmable registry for node operators. That lets an agent pay for one infrastructure action at a time through x402, without creating a billing account or trusting a subscription platform to meter usage later.

network & payments

Q. Where does the DePIN part show up?

The infrastructure is supplied by independent nodes, not one hosted database vendor. Kraph coordinates placement, payment, encrypted WAL replication, and attestation checks so those nodes can behave like a cloud network while still exposing the familiar Postgres/Supabase developer surface.

Q. Isn't a distributed database impossible with CAP?

Kraph isn't a distributed database. Each agent gets a single Postgres on one node — full ACID, single writer, same consistency as any self-hosted Postgres cluster. The decentralized part is placement, payment, and encrypted backups. There's no cross-node query, no consensus, no CAP tradeoff.

Q. What if a node dies?

Every WAL segment is encrypted (ChaCha20-Poly1305) and shipped to 2+ replicas in different regions. If the primary fails, the gateway reassigns to a replica, the agent provides the DEK, and Postgres replays from the encrypted backup. Operator agreements define reliability expectations and remedies.

Q. Is this actually fast?

Hosted Postgres platforms typically take 2–5 minutes to spin up a new project, and free tiers pause idle instances which adds another 1–3 minute wake-up. Kraph's cold start is ~15 seconds end-to-end and the paid tool call returns in 8 ms. Query latency is whatever Postgres + PostgREST give you on the host (11 k TPS / ~10 ms REST in our benchmarks).

Q. What do you mean by privacy-first hosting?

Kraph does not need the normal cloud billing identity layer. There is no credit-card form, no KYC flow, and no subscription account to create — access is tied to a Solana wallet, and paid tool calls settle through x402 USDC payments.

That means billing is pseudonymous rather than card-based. Solana transactions are public, so Kraph does not promise invisible payments; the point is that agents can rent infrastructure without handing over a personal billing profile, while workload data is protected separately by encrypted replication and mainnet-tier attestation.

Q. Can the node operator read my data?

On mainnet (SEV-SNP): no. The Postgres process runs inside an AMD enclave whose memory is encrypted at the hardware level. Every placement is verified against a fresh attestation report from /dev/sev-guest. On devnet the operator technically could, which is why devnet is for development only.

Q. How do secrets and env vars get handled?

kraph_set_env stores env vars scoped to edge functions — per-instance, encrypted at rest in the node's SQLite (ChaCha20-Poly1305 under the same per-instance DEK that encrypts WAL), TLS in transit. Rows on disk are always enc-v1:<base64(nonce‖ciphertext+tag)> — a sqlite3 .dump never yields plaintext.

On mainnet (SEV-SNP) nodes the plaintext only materializes inside the enclave when writing to the functions container .env file: hardware-encrypted memory means the operator cannot read it even with root. On devnet the operator running the node process can still read values from process memory during the brief decrypt-and-apply window — use mainnet if you need real confidentiality. Setting or unsetting restarts only the functions container (~1-2s, via docker compose up --force-recreate --no-deps functions). Postgres and every other service stay untouched. Listing via kraph_list_env returns keys and SHA-256 fingerprints by default; pass include_values=true to retrieve plaintext.