The complete auth platform
MCP OAuth 2.1, framework adapters, dashboard, and SDK. Self-host with the open source package or let kavachOS Cloud handle everything.
21
packages
7
adapters
3
databases
1,840+
tests
pnpm add kavachos @kavachos/honoPlatform features
Everything you need in one package
Full authorization server for Model Context Protocol. PKCE S256, RFC 9728, RFC 8707, RFC 8414, RFC 7591.
Hono, Express, Next.js, Fastify, Nuxt, SvelteKit, Astro. Core has zero framework dependencies.
Visual agent management, permission editor, audit viewer, cost attribution, and compliance report generation.
SQLite, PostgreSQL, MySQL via Drizzle ORM. Self-host with any provider or use KavachOS Cloud (D1).
KavachOS Cloud runs on Cloudflare Workers. Sub-50ms authorize() latency globally. D1 per-tenant isolation.
TypeScript-first SDK. CLI for agent management, token rotation, and compliance exports.
Framework adapters
Works with your stack
Core is framework-agnostic (Web API Request/Response). Adapters handle the framework plumbing.
Code example
Hono adapter with MCP OAuth
import { createKavach } from "kavachos";
import { honoAdapter } from "@kavachos/hono";
import { Hono } from "hono";
const kavach = createKavach({
database: { provider: "d1", binding: env.DB },
agents: { enabled: true, auditAll: true },
mcp: { enabled: true }, // Enables OAuth 2.1 endpoints
});
const app = new Hono();
// Mount KavachOS routes (OAuth, token, agent management)
app.route("/auth", honoAdapter(kavach));
// Protected route using agent authorization
app.get("/api/data", async (c) => {
const token = c.req.header("Authorization")?.replace("Bearer ", "");
const result = await kavach.agents.authorize({
token,
resource: "api:data",
action: "read",
});
if (!result.allowed) return c.json({ error: result.reason }, 403);
return c.json({ data: "protected" });
});Ship auth in minutes, not weeks
One package, every framework. Free tier included.