PlatformFramework adapters
Hono
KavachOS adapter for Hono.
kavachHono(kavach, options?) returns a Hono app instance with all KavachOS routes pre-mounted. Use app.route to attach it to your main app.
Install
pnpm add kavachos @kavachos/hono hono @hono/node-serverSetup
Create the kavach instance
Create this once and reuse it across your app (e.g. lib/kavach.ts):
// lib/kavach.ts
import { createKavach, createMcpModule } from 'kavachos';
export const kavach = createKavach({
database: { provider: 'sqlite', url: 'kavach.db' },
baseUrl: process.env.AUTH_BASE_URL!,
mcp: {
issuer: process.env.AUTH_BASE_URL!,
audience: process.env.MCP_BASE_URL!,
},
});
export const mcp = createMcpModule(kavach);Mount the adapter
// src/index.ts
import { serve } from '@hono/node-server';
import { Hono } from 'hono';
import { kavachHono } from '@kavachos/hono';
import { kavach, mcp } from './lib/kavach.js';
const app = new Hono();
// Mount all KavachOS routes (agents, permissions, audit, MCP OAuth)
app.route('/api/kavach', kavachHono(kavach, { mcp }));
serve({ fetch: app.fetch, port: 3000 });MCP endpoints
Pass mcp to enable the full MCP OAuth 2.1 authorization server. All MCP endpoints are mounted under the same /api/kavach prefix alongside the REST API:
app.route('/api/kavach', kavachHono(kavach, { mcp }));
// registers:
// GET /api/kavach/.well-known/oauth-authorization-server
// GET /api/kavach/.well-known/oauth-protected-resource
// POST /api/kavach/mcp/register
// GET /api/kavach/mcp/authorize
// POST /api/kavach/mcp/tokenMCP routes include CORS headers (Access-Control-Allow-Origin: *) and respond to OPTIONS preflight requests automatically.
Endpoint reference
| Method | Path | Description |
|---|---|---|
POST | /agents | Create an agent |
GET | /agents | List agents |
GET | /agents/:id | Get an agent |
PATCH | /agents/:id | Update an agent |
DELETE | /agents/:id | Revoke an agent |
POST | /agents/:id/rotate | Rotate token |
POST | /authorize | Authorize by agent ID |
POST | /authorize/token | Authorize by bearer token |
POST | /delegations | Create delegation |
GET | /delegations/:agentId | List delegation chains |
DELETE | /delegations/:id | Revoke delegation |
GET | /audit | Query audit logs |
GET | /audit/export | Export audit logs |
Full example
import { serve } from '@hono/node-server';
import { Hono } from 'hono';
import { createKavach, createMcpModule } from 'kavachos';
import { kavachHono } from '@kavachos/hono';
const kavach = createKavach({
database: { provider: 'sqlite', url: 'kavach.db' },
baseUrl: 'https://auth.yourapp.com',
mcp: {
issuer: 'https://auth.yourapp.com',
audience: 'https://mcp.yourapp.com',
},
});
const mcp = createMcpModule(kavach);
const app = new Hono();
app.route('/api/kavach', kavachHono(kavach, { mcp }));
app.get('/health', (c) => c.json({ ok: true }));
serve({ fetch: app.fetch, port: 3000 });