// FORGE (HOSTING + AI BUILDER) • FULL-STACK HOSTING • DEPIN NODES // SOLANA • X402 PAYMENTS • LIVE ▪ synced —

// CONFIDENTIAL BY DESIGN • SUPABASE-COMPATIBLE • AGENT-NATIVE

AI can write code. Now it can ship and run real products — autonomously.

01 KRAPH 02 SECURE AI CLOUD 03 FOR AI AGENTS & BUILDERS

Forge builder + MCP provisioning
Postgres, Auth, Storage, Functions, IPFS
encrypted secrets + attested nodes

Most AI tools can generate UI and logic — but turning that into a live product still means humans handling billing, servers, and ten different services.

Kraph removes the bottleneck. With a wallet (or just a few clicks in Forge), any AI builder or agent can instantly stand up a complete, secure backend: database, auth, APIs, files, server logic, secrets, and a shareable frontend. Pay only for what you use on Solana.

Forge gives you two easy ways in:

Forge Hosting — bring your existing GitHub, Supabase, Vercel (or any other) project and host everything on Kraph in minutes. Code with your favorite LLM (Claude, Cursor, etc.) and deploy with zero ops.
Forge AI Builder (Coming Soon) — build the entire app directly inside Forge using natural prompts. No separate LLM needed. Everything (frontend + backend) is automatically hosted and live.

MCP is the direct agent path. Same powerful network underneath.

Open Forge Launch via MCP for agents

What is Kraph?

// purpose-built for agents

Kraph is the secure, all-in-one cloud purpose-built for AI apps and autonomous agents.

Today’s AI can generate code instantly — but it still can’t reliably run production without humans managing accounts, cards, and servers. Kraph fixes that.

Give your AI a Solana wallet (or use Forge) and it can provision its own complete backend in seconds: database, authentication, APIs, file storage, server logic, secrets, and a shareable frontend. Everything is encrypted, attested on hardware, and paid per actual usage on Solana via x402. No credit cards. No vendor lock-in. Just production-ready infrastructure that agents can truly own.

01[f]

Forge

Forge Hosting for existing repos and stacks; Forge AI Builder (Coming Soon) to describe and ship a full app in the browser. Both land on the same Kraph backend.

02[k]

Kraph Cloud

Drop-in Supabase-shaped backend (Postgres, Auth, Realtime, Storage, Edge Functions, Studio, IPFS) orchestrated per project. Same SDKs you already use.

03[m]

MCP

Agents and developer tools call kraph_provision to create infrastructure programmatically. Wallet-authenticated, x402 USDC payments settle per call on Solana. Works inside Claude Code, Cursor, etc.

04[n]

Node Network (DePIN)

Independent operators supply compute and storage. The protocol handles placement, payments, encrypted WAL replication, and AMD SEV-SNP attestation checks for production workloads.

// Why now

Three forces converging

AI products need real backend state, server logic, and secure secrets — not only UI generation.
Classic clouds are built for human billing accounts and dashboards.
Kraph combines Forge (two easy builder modes), MCP, x402 payments, and a DePIN node network — all on Solana.

everything an AI product needs to ship.

// database · auth · functions · hosting · payments

Concrete outputs, not platform abstractions: Postgres, Auth, Storage, Edge Functions, Realtime, IPFS, and encrypted env vars. Build with Forge Hosting, Forge AI Builder (Coming Soon), or provision directly via MCP.

Postgres
Auth
Storage
Functions
Realtime
IPFS
encrypted env
no egress meter (today)

live 01

memory & state

Postgres + Realtime + Storage for durable agent memory, files, and session state — same @supabase/supabase-js patterns you already use.

live 02

tools & server logic

Deno edge functions next to your data, with encrypted env vars for API keys and connector credentials.

live 03

ship a surface

Pin static frontends to content-addressed storage so each agent can have a shareable URL or embed alongside its API.

live 04

agent-native payments

Optional wallet identity and x402 USDC on Solana meter infrastructure per tool call — no card on file when you deploy via MCP.

live 05

distributed hosting

Independent nodes host workloads with encrypted WAL replication; mainnet-tier placement can use AMD SEV-SNP attested hardware.

team beta 06

agent email

Inbound and outbound mail for auth flows, digests, notifications, and support — live for allowlisted team mailboxes via MCP today; broader self-serve access is planned as packaging matures.

Built for trust in an agent world

Secrets stay encrypted (plaintext only inside attested runtimes). Data is replicated with cryptographic proofs. Production workloads run only on verified AMD SEV-SNP hardware. The network itself enforces the rules — no single company can see or touch your data. Agents can operate with confidence.

Forge: Your Fastest Way to Production beta

Two powerful modes. One secure Kraph backend.

Forge Hosting

Bring your existing work and host it instantly on Kraph.

Import GitHub repo, Supabase project, Vercel app, or any other stack
Keep coding in Claude, Cursor, or your current LLM
One-click deploy → full backend (Postgres, Auth, Storage, Edge Functions, Realtime) + frontend
Automatic payments and scaling on Solana

Forge AI Builder (Coming Soon)

Build from scratch with prompts — no separate LLM needed.

Describe your app in natural language
Built-in AI generates UI, backend logic, database schema, and auth
Everything is automatically hosted and live on Kraph
Iterate in real time inside the browser

Try Forge Hosting Try Forge AI Builder (Coming Soon)

developers: connect your stack

// mcp server or claude skill · pick key + network

Prefer a hosted builder? Start with Forge. Prefer your own editor and agents? Use MCP here. Today, MCP is the developer path: authenticate with a Solana wallet, call kraph_provision, and connect your app to returned URLs and keys.

Works in Claude Code, Cursor, Windsurf, and compatible hosts.
Claude skill fallback handles OAuth when /mcp setup is awkward.
Paid tool calls settle in USDC via x402.

claude code · local · devnet

claude mcp add kraph -- npx -y @kraph/mcp-stdio \
  --keypair ~/.config/solana/id.json \
  --network devnet

// your keypair signs every x402 payment locally · nothing leaves your machine except the MCP requests

claude_desktop_config.json · local · devnet

{
  "mcpServers": {
    "kraph": {
      "command": "npx",
      "args": ["-y", "@kraph/mcp-stdio",
               "--keypair", "~/.config/solana/id.json",
               "--network", "devnet"]
    }
  }
}

// windows %APPDATA%\Claude\claude_desktop_config.json

// macOS ~/Library/Application Support/Claude/claude_desktop_config.json

~/.cursor/mcp.json · local · devnet

{
  "mcpServers": {
    "kraph": {
      "command": "npx",
      "args": ["-y", "@kraph/mcp-stdio",
               "--keypair", "~/.config/solana/id.json",
               "--network", "devnet"]
    }
  }
}

~/.codeium/windsurf/mcp_config.json · local · devnet

{
  "mcpServers": {
    "kraph": {
      "command": "npx",
      "args": ["-y", "@kraph/mcp-stdio",
               "--keypair", "~/.config/solana/id.json",
               "--network", "devnet"]
    }
  }
}

claude code · local · mainnet

claude mcp add kraph -- npx -y @kraph/mcp-stdio \
  --keypair ~/.config/solana/id.json \
  --network mainnet-beta

// fund this wallet with mainnet USDC + a little SOL · $0.10 USDC per kraph_provision

claude_desktop_config.json · local · mainnet

{
  "mcpServers": {
    "kraph": {
      "command": "npx",
      "args": ["-y", "@kraph/mcp-stdio",
               "--keypair", "~/.config/solana/id.json",
               "--network", "mainnet-beta"]
    }
  }
}

~/.cursor/mcp.json · local · mainnet

{
  "mcpServers": {
    "kraph": {
      "command": "npx",
      "args": ["-y", "@kraph/mcp-stdio",
               "--keypair", "~/.config/solana/id.json",
               "--network", "mainnet-beta"]
    }
  }
}

~/.codeium/windsurf/mcp_config.json · local · mainnet

{
  "mcpServers": {
    "kraph": {
      "command": "npx",
      "args": ["-y", "@kraph/mcp-stdio",
               "--keypair", "~/.config/solana/id.json",
               "--network", "mainnet-beta"]
    }
  }
}

claude code · remote · devnet

$ claude mcp add --transport http kraph https://api.kraph.com/mcp

// first call opens a privy browser login · gateway signs payments via delegation on your behalf

claude_desktop_config.json · remote · devnet

{
  "mcpServers": {
    "kraph": {
      "url": "https://api.kraph.com/mcp"
    }
  }
}

~/.cursor/mcp.json · remote · devnet

{
  "mcpServers": {
    "kraph": {
      "url": "https://api.kraph.com/mcp"
    }
  }
}

~/.codeium/windsurf/mcp_config.json · remote · devnet

{
  "mcpServers": {
    "kraph": {
      "serverUrl": "https://api.kraph.com/mcp"
    }
  }
}

claude code · remote · mainnet

$ claude mcp add --transport http kraph https://api-mainnet.kraph.com/mcp

claude_desktop_config.json · remote · mainnet

{
  "mcpServers": {
    "kraph": {
      "url": "https://api-mainnet.kraph.com/mcp"
    }
  }
}

~/.cursor/mcp.json · remote · mainnet

{
  "mcpServers": {
    "kraph": {
      "url": "https://api-mainnet.kraph.com/mcp"
    }
  }
}

~/.codeium/windsurf/mcp_config.json · remote · mainnet

{
  "mcpServers": {
    "kraph": {
      "serverUrl": "https://api-mainnet.kraph.com/mcp"
    }
  }
}

claude code · skill install

# core skill — handles oauth + pins the bearer into mcp config
git clone https://github.com/piske-alex/kraph-skill.git \
  ~/.claude/skills/kraph
chmod +x ~/.claude/skills/kraph/scripts/*.sh

# optional: email skill (send / receive at @kraph.com via mcp tools)
git clone https://github.com/piske-alex/kraph-email-skill.git \
  ~/.claude/skills/kraph-email

// restart claude code · then ask: "set up kraph" — the skill walks oauth, exchanges for a 24h bearer, and pins it via `claude mcp add --header`

claude desktop · skill install

# macOS / Linux
git clone https://github.com/piske-alex/kraph-skill.git \
  ~/.claude/skills/kraph
chmod +x ~/.claude/skills/kraph/scripts/*.sh

# optional: email skill
git clone https://github.com/piske-alex/kraph-email-skill.git \
  ~/.claude/skills/kraph-email

// windows %USERPROFILE%\.claude\skills\kraph

// restart desktop · then ask: "set up kraph"

A authentication

Kraph authenticates via your Solana wallet, not a cloud billing profile. Two modes, both handled automatically:

SIWS — agent signs a challenge message with a local Solana keypair. Three tool calls: kraph_auth_challenge → sign → kraph_auth_verify. Session token valid for 30 minutes.
Privy OAuth — for agents without a local keypair. Sign in with email once, get a Privy server wallet, and avoid card or KYC setup. The gateway can sign x402 payments on behalf of that wallet through the delegation flow.

Paid tool calls settle via x402 on Solana. The gateway returns 402 Payment Required with the tool's price in USDC; your client's x402-fetch wrapper signs and retries automatically. The result is metered infrastructure without a card processor sitting between the agent and the app it is trying to ship.

B compatibility

Kraph runs the unmodified official Supabase Docker stack under the hood — same Postgres 15, same PostgREST, same GoTrue auth, same Realtime, same Storage API, same Edge Runtime (Deno/TypeScript), same JWT format, same Studio dashboard.

That means the full compat surface works out of the box: @supabase/supabase-js, PostgREST clients, supabase-py, supabase-dart, Studio, the supabase CLI, the Supabase Edge Functions runtime, the S3-compatible Storage API, standard ENV-var semantics for functions, pg_dump / pg_restore, and every RLS policy you've already written.

Migrating an existing full-stack app is a few env-var changes:

Call kraph_provision → get a new URL + anon key + service role key
pg_dump source db → pg_restore into the new instance
kraph_deploy_function your edge functions · kraph_set_env for secrets · upload buckets to Storage
Update SUPABASE_URL / SUPABASE_ANON_KEY and redeploy (or kraph_pin_frontend the built static bundle to IPFS)

Kraph is an independent open-source project, not affiliated with or endorsed by Supabase Inc. — but because it orchestrates the same open-source components those projects use, the SDKs work unchanged. For ad-hoc agent use, no migration at all: Kraph just sits alongside your existing infra as another tool.

from idea to running product

// four steps · Forge or MCP

01 describe you

define what you’re building and who it serves

Start from an AI app, assistant, or automation you want in production. Use Forge for browser iteration or your own repo/tooling, then define triggers, guardrails, and data boundaries.
02 connect tools

wire tools, APIs, and model access

Connect calendars, email, CRMs, internal APIs, and data stores. Keep provider keys in encrypted env vars with least privilege instead of prompt text.
03 deploy < 15 s

provision an isolated backend and go live

Through MCP, Kraph provisions a full Supabase-compatible stack (Postgres, Auth, Realtime, Storage, Functions, Studio, API gateway) plus IPFS hooks. You get URLs, keys, and runtime without stitching vendors; paid tools settle via x402 on Solana.

id: agvxmi1rhdsk url: your instance endpoint studio_url: studio dashboard
04 observe always on

inspect state, logs, payments, and durability

Track what changed and what you paid for using Postgres state, function logs, stored artifacts, payment feed updates, and node health. Replication remains encrypted so replica storage carries ciphertext, not raw workload state.

replicas: ovh-ca · gcp-us (SEV-SNP attested path) integrity: per-segment hash chain · encrypted off-node

pick a network

// devnet for iteration · mainnet for production · same MCP flow

Start free on Devnet. Scale to production on Mainnet.

Devnet: Free USDC faucet. No card. No KYC. Perfect for building fast.

Mainnet: Real Solana USDC payments. Hardware-attested nodes. Encrypted everything.

// developer networks · same protocol

Solana devnet vs mainnet (MCP today)

devnet

$0 / faucet

for hacking

Pay with devnet USDC from the faucet. Any available node. Mock TEE. Ephemeral instances. No card, no KYC, low-risk playground.

✓ free devnet USDC (faucet)
✓ no credit card · no KYC
✓ drop-in for @supabase/supabase-js
✓ edge functions · object storage · static hosting · encrypted env
✓ encrypted WAL replication
✓ x402 paid tool calls
— mock TEE · no attestation
— instances paused after 24h

start free →

// network solana:devnet

mainnet

$0.10 / provision

for production

Real USDC on Solana mainnet. TEE-verified nodes only — eligible nodes prove they run inside an AMD SEV-SNP enclave before the gateway places production workloads on them.

✓ mainnet USDC · real payments
✓ wallet account · no card processor
✓ drop-in for @supabase/supabase-js
✓ edge functions · object storage · static hosting · encrypted env
✓ encrypted WAL replication
✓ AMD SEV-SNP attestation on qualified nodes
✓ measurement verification per placement

go mainnet →

// network solana:mainnet-beta

// what you pay for

metered today

kraph_provision $0.10 kraph_extend $0.05 kraph_query $0.001 kraph_set_env $0.005

not metered today

REST Realtime Storage egress Function invocations Static IPFS reads

If pricing changes, we will announce it clearly before it applies. Meter coverage may evolve as the network matures.

// migrate

devnet → mainnet

Three steps, same tooling. Your app, your keys, your data.

→

pg_dump your devnet instance and bundle storage artifacts
export database + objects + function source snapshots
→

Flip KRAPH_SOLANA_NETWORK=solana:mainnet-beta and run kraph_provision
same client flow, new mainnet instance + keys
→

pg_restore + kraph_deploy_function + kraph_set_env
same schema/data, secrets re-applied, attested mainnet path

confidential by design

// encrypted secrets · encrypted replication · attested production

encrypted secrets

Function env vars are stored as ciphertext on node disk; on SEV-SNP mainnet placement plaintext materializes only during apply in the attested runtime path.

encrypted replication

WAL segments leave the primary encrypted, and replica nodes retain ciphertext only, not application plaintext.

attested nodes

Eligible mainnet placement can run on AMD SEV-SNP hardware with fresh measurement checks before placement.

// who sees what

mainnet node operator: SEV-SNP attested placement reduces host-memory visibility.
replica operators: hold encrypted WAL ciphertext, not decrypted database pages.
gateway: still in today’s trust boundary for orchestration/auth/payment flows (see whitepaper).

devnet is not confidential - use mainnet and attested nodes for stronger confidentiality goals.

network status, transparent

// live gateway · node health · settlements · attestation signals

kraph · live.status

● live --:--:--

nodes live · 3

ovh-ca-a

167.114.159.161

mock TEE

—

ovh-ca-b

167.114.159.161:3403

mock TEE

—

gcp-us-c SEV-SNP

34.136.139.100

real AMD SEV-SNP

—

payment feed live · x402 ring buffer

03:49:26 kraph_provision $0.100 2pjuY6…xsVPM
02:14:12 kraph_query $0.001 e5QVNh…4dJfS
19:38:44 kraph_provision $0.100 3GhaTG…YtVsPM

run verified capacity for Kraph

// supply-side · compliance-first framing

Kraph is growing an independent operator network that supplies compute, storage, and bandwidth for customer workloads.

what you provide

Verified infrastructure capacity: compute, storage, bandwidth, uptime, region coverage, and optional attested hardware.

how payouts work

Approved operators are paid monthly in USDC as vendor payments for delivered services.

compliance & next step

Onboarding may require identity checks, tax documentation, and service-level agreements. Share region, hardware profile, and SEV-SNP readiness.

contact · operator inquiries →

why this matters

// answers to the obvious objections

vs other tools

Q. How is this different from Vercel or Supabase?

Kraph covers the same shipping loop (frontend + backend + auth + data), then adds Forge + MCP, x402 per-call metering, independent operators, and confidentiality controls for production paths. It is an independent project built around compatible open-source components.

Q. What is Forge?

Forge is Kraph’s in-browser AI builder for full-stack apps. You iterate on UI + logic while targeting the same Postgres/Auth/Storage/Functions stack provisioned by the network. Open it at forge.kraph.com/build.

Q. Is Kraph a Supabase competitor?

Kraph is not Supabase, but it is Supabase-compatible by orchestrating the same open-source components many teams already use. The differentiation is the bundle: AI builder + agent provisioning + stablecoin-metered tool calls + encrypted replication + decentralized placement + attested hardware options.

Q. How is this different from AI app builders that only ship frontend?

Kraph combines builder flow with production backend primitives: Postgres, auth, realtime, storage, edge functions, encrypted secrets, optional x402 metering via MCP, encrypted replication, and independent node supply.

security & secrets

Q. Can Kraph or node operators read my API keys and secrets?

Secrets are encrypted at rest on nodes. On mainnet SEV-SNP placement, plaintext is intended to exist only in attested runtime paths during apply; on devnet, assume operators could observe brief decrypt windows. The gateway remains part of today’s trust boundary for orchestration and some auth/payment flows; see the whitepaper.

Q. Which AI model does Forge use? Can I pick my own?

Forge uses a built-in assistant today. Coming soon, you can choose your model (Claude, Codex, Gemini, or compatible endpoints) inside Forge. For backend integrations, keep provider keys in function-scoped secrets via kraph_set_env.

Q. How are API keys and third-party tokens protected?

Store them in function-scoped env vars with kraph_set_env (encrypted at rest). On mainnet attested placement, plaintext exists only briefly in runtime apply paths. Continue least-privilege practices: rotate keys, scope tools, and audit agent access.

Q. Can an existing app or agent use Kraph?

Yes. Kraph is a backend/hosting layer: connect to provisioned URLs + keys. Typical flow is kraph_provision through MCP or Forge-first, then swap env vars/endpoints like any Supabase-shaped project.

Q. How do secrets and env vars get handled?

Env rows are stored encrypted at rest and applied at runtime. Mainnet attested placement reduces host-memory exposure; devnet should be treated as non-confidential. kraph_list_env returns key fingerprints by default; include values only when explicitly requested.

network & payments

Q. Why does this need Solana?

Solana provides wallet identity, low-cost USDC settlement, and programmable registry rails so agents can pay one infrastructure action at a time via x402.

Q. Where does the DePIN part show up?

Infrastructure is supplied by independent nodes. Kraph coordinates placement, payment, encrypted replication, and attestation checks while keeping a familiar Postgres/Supabase-shaped developer surface.

Q. Isn't a distributed database impossible with CAP?

Kraph is not a distributed database. Each workload gets a single primary Postgres instance; decentralization applies to placement, settlement, and encrypted replication/backups.

Q. What if a node dies?

Encrypted WAL segments replicate to multiple nodes. If a primary fails, recovery replays from encrypted backup on reassigned infrastructure.

Q. Is this actually fast?

Provisioning is designed for fast startup versus traditional hosted project bootstraps, and ongoing query latency is whatever the underlying Postgres + API path deliver on selected nodes.

Q. What do you mean by privacy-first hosting?

Access is wallet-authenticated instead of card-account first. Billing identity and workload confidentiality are separate layers; confidentiality depends on encryption + placement tier.

Q. Can the node operator read my data?

On attested mainnet placement, host visibility is reduced by hardware memory encryption plus measurement checks before placement. On devnet, assume operators may inspect runtime state.

Q. Do I need crypto as an end user?

Developers using MCP today use wallets (or Privy) for x402 settlement. End-user product experiences may abstract wallet handling over time.

Q. How do node operators get paid?

Approved operators receive USDC vendor payments for delivered infrastructure under service terms and compliance checks.