Hive — opt-in cross-team sync
Hive is the optional cloud layer that lets teams share knowledge across repos, branches and contributors. Disabled by default. When enabled, only privacy-filtered, content-addressed chunks of allow-listed types ever leave the machine.
Updated: 2026-04-30
Hive is the optional cloud layer that lets teams share knowledge across repos, branches and contributors. It’s disabled by default, kill-switchable with one env var, and enforces a default-deny privacy boundary every byte has to cross.
Privacy guarantees
- Privacy filter at the boundary: only redacted content leaves the machine.
- Content-addressed chunking: dedup at the chunk level, no redundant uploads.
- Allow-list of types: only explicit types sync (default: pattern,decision,learning).
- Pause / resume per project: POST /admin/hive/projects/{project}/pause.
- Conflict-free: last-write-wins on metadata, chunks immutable.
Sync flow
Store.Save → Outbox.Enqueue (cloud_outbox table) → Worker tick (every 15 min, default) → Filter (privacy rules) → Client.PostBatch (gzip JSON, 10 s timeout) → MarkSent | MarkRejected | MarkFailed (with backoff)
Backoff schedule with ±25% jitter: 30s → 2m → 10m → 1h → 6h → 24h. After 6 failed attempts, the row is parked in failed status and re-enqueable with korva hive retry.
Worker states
idle | pushing | backoff | healthy | disabled
Inspectable via GET /api/v1/hive/status or korva hive status.
CLI commands
| Command | Purpose |
|---|---|
| korva hive push | Flush the local outbox once |
| korva hive status | Pending / sent / rejected / failed counts |
| korva hive enable | Enable sync (writes config) |
| korva hive disable | Disable sync (writes config) |
| korva hive retry | Re-enqueue rows in failed status |
| korva hive rotate-key | Generate a new 32-byte Hive API key |
Tier-aware behaviour
- Community: Hive available — sync only to the community brain (anonymised, no secrets).
- Teams: Hive sync to community + optional cross-team within the same organisation, plus private sync between repos of the same customer (FeatureCloudPrivate).
Disabling completely
export KORVA_HIVE_DISABLE=1
A single env var kills the worker on next start. There’s no way for a misconfiguration or transient network glitch to send anything outbound when this is set.
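The kill switch, the disabled-by-default setting, the type allow-list and the per-project pause described on this page can be read as one default-deny decision in which every missing or unknown value refuses the upload. The Go sketch below is an added example, not Korva's own code. Item, Config, Gate, the reason strings, SHA-256 as the content address, and treating any non-empty KORVA_HIVE_DISABLE value as "disabled" are all assumptions, and the chunk is assumed to have been redacted already.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"os"
)

// Item and Config are hypothetical types for this sketch, not Korva's own.
// Chunk is assumed to be already redacted and split by an earlier step.
type Item struct{ Type, Project, Chunk string }
type Config struct {
	Enabled bool            // zero value false: sync stays off unless enabled
	Allowed map[string]bool // allow-listed types; a nil map allows nothing
	Paused  map[string]bool // projects paused by an admin
}

// Gate returns the chunk's content address (SHA-256 here, an assumption) when
// upload is permitted, else a denial reason. sent must be non-nil.
func Gate(it Item, c Config, sent map[string]bool) (id, reason string) {
	switch {
	case os.Getenv("KORVA_HIVE_DISABLE") != "": // assumption: any value disables
		return "", "kill switch set"
	case !c.Enabled:
		return "", "hive not enabled"
	case !c.Allowed[it.Type]: // unknown type or nil allow-list both deny
		return "", "type not allow-listed"
	case c.Paused[it.Project]:
		return "", "project paused"
	}
	id = fmt.Sprintf("%x", sha256.Sum256([]byte(it.Chunk)))
	if sent[id] {
		return "", "duplicate chunk"
	}
	sent[id] = true
	return id, ""
}

func main() {
	cfg := Config{Enabled: true, Allowed: map[string]bool{"pattern": true, "decision": true, "learning": true}}
	sent := map[string]bool{}
	for _, it := range []Item{ // constructed sample items
		{"decision", "demo", "use mTLS between services"},
		{"decision", "demo", "use mTLS between services"}, // same chunk again
		{"session", "demo", "raw transcript"},             // type outside the allow-list
	} {
		fmt.Println(Gate(it, cfg, sent))
	}
}
```

Because map lookups on a nil or incomplete allow-list return false, a Config that was never populated denies everything rather than allowing everything.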
Hybrid search
When Hive is enabled, vault_context and vault_search?cloud=1 query local SQLite and the Hive community brain in parallel with a 3-second hard timeout. Hive failure never blocks your local context — local IDs always take priority in the merged result set.