Does my code leave my machine?

No. The vault runs on localhost:7437. MCP communicates via stdin/stdout — no network requests. The privacy filter auto-redacts passwords, tokens, and Bearer keys before saving to SQLite. Korva Hive (community cloud sync) is opt-in and applies a default-deny privacy filter before anything leaves your machine. KORVA_HIVE_DISABLE=1 kills all outbound traffic with a single env variable.

How is this different from .cursorrules or CLAUDE.md?

Static files don't accumulate knowledge, can't enforce rules at commit time, don't inject context automatically, and get stale as your project evolves. Korva is a cognitive system, not a config file. Your vault grows over time, Sentinel runs at every commit, and Lore scrolls update with community best practices.

Which AI editors does Korva work with?

Any editor that supports the Model Context Protocol (MCP) works with Korva. v1.0 ships first-class integrations for 8 editors: Claude Code, Cursor, Windsurf, GitHub Copilot, OpenAI Codex, OpenCode, Gemini CLI, and VS Code. Each IDE gets a ready-to-use config in integrations/ /. Run `korva setup --all` to configure every detected editor at once.

Can I use it with my stack (not NestJS/hexagonal)?

Yes. Vault and Lore are stack-agnostic. Sentinel rules are configurable with custom YAML. The community is adding scrolls for Next.js, Laravel, Rust, Go, Python, FastAPI, and more. The 5-phase SDD workflow works for any language or framework.

What happens when a team member leaves?

Their knowledge stays. Every decision they made, every bug they fixed, every pattern they discovered — it's all in the vault. The next developer who works on that project gets full context automatically. This is one of the core reasons Korva exists.

Can I self-host the vault for my team?

Yes. Deploy korva-vault as a Docker container on your own infrastructure. Team members point their CLI to your server. The vault sync is always self-hosted — your data never goes through third-party cloud. See docs/DEPLOYMENT.md for Railway, Fly.io, VPS, and Kubernetes examples.

The highest-impact contributions are: (1) writing a Lore scroll for your stack using lore/SCROLL_TEMPLATE.md, (2) adding a Sentinel rule for patterns your team enforces, (3) reporting bugs with reproduction steps. See CONTRIBUTING.md on GitHub.

Does Korva work on Windows?

Yes. The CLI and vault binary are compiled for Windows (amd64 and arm64). Install with PowerShell: irm https://korva.dev/install.ps1 | iex. Platform paths use %LOCALAPPDATA%\korva\ on Windows.

Is Korva SOC 2 compliant?

Korva's core is open source and self-hosted. When deployed privately, your compliance footprint is yours to control. For enterprise deployments, we provide deployment guides, audit-ready configurations, and security hardening documentation. Contact us for SOC 2 attestations for managed services.

Can we self-host Korva?

Yes. Korva is 100% open source (MIT license) and designed for self-hosting. Deploy on your own infrastructure, private VPCs, air-gapped networks. Documentation includes Docker, Kubernetes, and bare-metal deployments. Enterprise support includes architecture review and optimized deployments.

What audit and logging capabilities exist?

Korva Teams tier includes audit logging for all admin actions: license changes, team members added/removed, skills deployed, privacy settings modified. Logs are immutable, timestamped, and exportable. Full query support via API.

How does offline-first licensing work?

Korva licenses are JWS-signed (offline-first). Activate once online, then work 100% offline. 7-day grace period if unable to check in. Ideal for enterprises with air-gapped networks, remote teams, and unpredictable connectivity.

I had a Business or Enterprise license — what now?

Your license keeps working transparently. Korva consolidated the previous Business and Enterprise tiers into a single Teams tier that already includes code health, pattern mining, multi-profile, private cross-team Hive, RBAC and audit log. The licensing server maps existing Business/Enterprise keys to Teams automatically — your next renewal will issue a Teams license directly.

Korva — AI for development teams: memory, guardrails, knowl…

The problem

Your AI forgets everything
after every session.

🧠

Context amnesia

Every AI session starts from zero. Decisions made last week, patterns established last month, bugs fixed last year — completely unknown to your AI.

🎯

Pattern drift

Without memory, the AI invents its own patterns. Each suggestion slowly diverges from your standards until the codebase becomes inconsistent.

💸

Knowledge locked in heads

Senior knowledge doesn't transfer to AI. New developers spend days re-explaining context. Teams waste hours on conversations that should happen once.

Without Korva

// Session #47 — same conversation as session #1

You: "Remember: Clean Architecture, Repository pattern, all mutations through CommandBus, no direct DB..."

AI: // Ignores everything you just said

async createOrder(req, res) {

const order = await db.query(...)

// ← direct DB in service layer

await sendEmail(order.id) // ← sync call, no queue

}

✗ Wrong patterns, every session. New dev tomorrow? Same conversation.

With Korva

// Every session, automatically — no explanation needed

vault_context() → 89 team memories loaded

✓ Architecture: CQRS + Domain Events (Apr 2024)

✓ Rule: Repository interface only in services

✓ Incident: Direct DB caused prod outage (Jun 2024)

AI: // Knows your patterns. No explanation needed.

class CreateOrderCommand {

execute(dto) {

const order = Order.create(dto)

// ✓ Domain model, not raw DB

this.repo.save(order)

// ✓ Repository port respected

}

✓ Perfect architecture. First try. Every session. Scales to the whole team.

What is Korva

An infrastructure layer
between your team and every AI.

Korva is an open-source server that runs on your machine. Your AI editors connect to it, and it gives them three things they normally lack: memory of past work, guardrails for your architecture, and curated knowledge of your stack.

MCP Model Context Protocol

The open standard — created by Anthropic — that lets AI assistants talk to external tools. Korva speaks MCP, so any compatible editor connects with zero custom integration.

SDD Spec-Driven Development

A 5-phase workflow — Explore, Specify, Design, Implement, Verify — that stops the AI from diving into code before the problem is understood and approved.

Local-first Your data, your machine

The vault is a SQLite database in ~/.korva. No account, no telemetry, no code leaving your machine. Cloud sync exists but is opt-in and privacy-filtered.

One Go binary. MIT licensed. Installs in 30 seconds.

How Korva fits in

One server, six services,
zero cloud lock-in.

Korva is a single Go binary that sits between your AI assistant and your code. The vault server orchestrates six specialized modules — each one solves a piece of the AI-coding puzzle.

Input

Your editor + AI

Any MCP-compatible assistant. No plugins, no rewrites — point it at the vault and you are done.

Claude Code Cursor Copilot +5

MCP

stdin/stdout

↓

Hub korva-vault

korva-vault

Local Go server. Speaks MCP over stdio and HTTP. Hosts the six services and ships Beacon embedded.

localhost:7437 · 46 MCP

persist

SQLite

↓

Storage

Your machine

SQLite database, admin key and team profile — all in ~/.korva. Nothing leaves without your action.

~/.korva/vault.db

~/.korva/admin.key (0600)

No telemetry · ever No cloud account required Hive sync is opt-in only

The six modules

Each module is independently configurable

Persistent memory across sessions. Decisions, incidents, patterns — searchable in milliseconds.

Sentinel

10

rules

Runs at: pre-commit hook

Architecture and security guardrails. Blocks risky commits before review wastes anyone’s time.

Lore

25

curated scrolls

Runs at: file open + prompt

Curated knowledge auto-injected by file pattern, keyword or task. Your AI inherits stack expertise.

Spec-Driven Development workflow with two human gates. AI cannot code first and ask later.

Beacon

:7437

web port

Runs at: localhost:7437

Local web dashboard embedded in the vault binary. Browse observations, sessions, scrolls and admin.

Hive

opt-in

opt-in sync

Runs as: optional sync

Community brain. Anonymized patterns from the network — only after the privacy filter passes.

When each service kicks in

A typical AI session, end to end

01

1 · Session start

Vault loads project context. Lore auto-loads matching scrolls. Your AI knows what your team knows.

Vault Lore

02

2 · While coding

Vault saves new decisions and bug fixes. Forge tracks the SDD phase. Beacon shows everything live.

Vault Forge Beacon

03

3 · At commit time

Sentinel runs pre-commit. Forge enforces the quality gate. No insecure or off-architecture code lands.

Sentinel Forge

04

4 · Share & sync

Hive — opt-in only — anonymizes patterns and shares them with the community. Beacon mirrors team state.

Hive Beacon

Who Korva is for

Different roles,
different wins.

Korva works for one developer or a 500-engineer org — the value just changes shape. Pick the closest match below.

Solo developer

Stop re-explaining your codebase

You ship alone but use 3+ AI assistants. Each one starts from zero. Korva is your private memory layer.

Vault remembers every decision across sessions and editors
Sentinel catches the same bug class twice — never thrice
24+ Lore scrolls cover the stacks you actually use

Best fit

Community · free forever

Senior engineer

Enforce architecture without writing rules

You spend hours reviewing AI-generated code that violates the team’s patterns. Korva makes the guardrails non-optional.

Pre-commit Sentinel rejects layer violations and risky patterns
Lore scrolls capture your team’s tribal knowledge as machine-readable
Forge gates block AI from "just trying things" without a spec

Best fit

Community · upgrade when team grows

Tech lead

Scale knowledge across your team

Onboarding takes weeks because context lives in heads. Senior questions repeat. Korva fixes the leak.

Multi-profile workspaces (frontend / backend / devops)
Skills Hub: write a custom AI behavior once, sync to everyone
Audit log shows what changed, by whom, when

Best fit

Teams · $9/seat/month launch

Engineering org

AI productivity without compliance risk

You want AI assistants everywhere, but legal asks where the code goes. Korva runs on your infrastructure, period.

Self-hosted vault — single binary on Docker, K8s or VPS
Offline-first JWS license — air-gapped friendly, 7-day grace
RBAC + immutable audit log + private cross-team Hive

Best fit

Teams · custom for SLA / SSO

Install in 30 seconds

Features

Six components that make
your AI agents actually good.

Persistent memory, guardrails, knowledge injection, structured workflows, a web dashboard, and a community cloud brain — all working together.

Vault

Vault — Persistent AI Memory

Your AI accumulates knowledge over time — incidents, decisions, patterns, team conventions. Months of institutional knowledge surfaced automatically, in every session, for every developer on your team.

Saves incidents, decisions & bug fixes forever
Auto-surfaces relevant context per session
46 MCP tools — 8 IDE integrations, zero config
Privacy filter: secrets never hit the DB

Explore Vault

// Friday 11pm — critical production incident
vault_save({
  type: "incident",
  title: "Race condition in payment processor",
  content: "Two concurrent requests can double-charge.
  Fix: Redis distributed lock on payment_id.
  LOCK:payment:{id} with 30s TTL — always."
})

// 9 months later, new dev opens payments.ts:
vault_context("payments")
// → AI: "A past incident shows race conditions
//   here. Use distributed locking on payment_id
//   or you risk double-charging customers."
// Saved: 3-day debugging session, $12k incident

Sentinel

Sentinel — AI Guardrails on Every Commit

Your AI generates code fast — Sentinel makes sure it's correct. Pre-commit hooks catch security vulnerabilities, layer violations, and dangerous patterns before they ever reach your codebase.

SEC rules: injections, hardcoded secrets, timing attacks
ARC rules: layer isolation for any architecture
NAM + TEST rules: naming & debug log detection
Add custom rules for your team's standards

Explore Sentinel

$ git commit -m "feat: user authentication"

Running Korva Sentinel...
  ✓ NAM-001  Naming conventions
  ✓ TEST-001 No debug logs in production
  ✗ SEC-001  Hardcoded secret detected
  ✗ SEC-003  Timing attack vulnerability
  ✗ ARC-002  HTTP handler in domain layer

  src/auth/AuthService.ts:14
  const secret = "sk_live_4xK9mP..."
                  ^^^ Use process.env.JWT_SECRET

  src/auth/AuthService.ts:31
  if (user.token === inputToken)
      ^^^ Use crypto.timingSafeEqual()

3 critical issues. Commit blocked.

Lore

Lore — Knowledge Injected on Demand

Open a payments file and your AI instantly knows Stripe idempotency, PCI compliance, and float precision rules — without a word from you. Scrolls auto-load based on context and make your AI an expert in your stack.

25 curated scrolls for the most common stacks
Auto-loaded when you open related files
Private team scrolls via Git-based Team Profile
Community-growing knowledge base

Explore Lore

// You open: src/payments/checkout.ts
// Korva detects context: payments + stripe

📜 stripe-webhooks  Idempotency keys required
📜 pci-dss          Never log card numbers or CVV
📜 decimal-math     Use Decimal.js — never floats
📜 retry-patterns   Exponential backoff on 429s

// AI already knows, without explanation:
"I'll implement checkout using Stripe's
idempotency keys to prevent duplicate charges,
Decimal.js for all monetary amounts to avoid
float precision bugs, and structured logging
that filters out any card data automatically."

Forge

Forge — Spec-Driven AI Development

Stop letting AI dive straight into code. Forge imposes a 5-phase Spec-Driven Development workflow: Exploration → Specification → Design → Implementation → Verification — with explicit human-approval gates between Spec and Design.

Phase 1: Exploration — read code, surface debt, no proposing
Phase 2–3: Spec & Design — both require explicit approval
Phase 4: Implementation — exactly what was designed, nothing more
Phase 5: Verification — Sentinel scan + checklist + vault_save

Explore Forge

vault_sdd_phase({ project: "payments" })
// → phase: "apply"  step: 6/9

vault_qa_checklist({ phase: "apply", language: "typescript" })
// → 22 quality criteria loaded

// ... implement feature ...

vault_qa_checkpoint({ project: "payments",
  phase: "apply", status: "pass",
  score: 87, gate_passed: true,
  findings: [{ rule: "TS-APP-001", status: "pass" }]
})
// → "Gate unlocked. apply → verify allowed."

vault_sdd_phase({ project: "payments", phase: "verify" })
// → Phase advanced ✓

Beacon

Beacon — Web Dashboard

A full-featured React 19 dashboard embedded in the vault server. Browse observations, manage sessions, toggle scrolls, edit team settings, and administer your Korva installation — all on localhost:7437.

Vault explorer with full-text search and timeline view
Session management: start, replay, summarize
Lore manager: browse and activate community scrolls
Admin panel: teams, audit log, license (Teams tier)

Explore Beacon

// Beacon — React 19 dashboard at localhost:7437

[Vault Explorer]  projects: 3  obs: 1,247

▸ payments    89 obs   last: 2h ago   sdd: apply
▸ auth        34 obs   last: 4d ago   sdd: verify
▸ user-api    23 obs   last: 1w ago   sdd: archive

[Session Timeline — payments]
12:41  vault_context("payments") → 89 obs loaded
12:42  vault_save — incident: double-charge fix
12:55  vault_qa_checkpoint → gate unlocked ✓
13:10  vault_sdd_phase("verify") → advanced ✓

[Lore Manager]
● stripe-webhooks   active  ✓ idempotency loaded
● pci-dss           active  ✓ compliance loaded
● decimal-math      active  ✓ precision loaded

Hive

Hive — Community Cloud Brain

An opt-in community cloud that aggregates privacy-filtered observations from the Korva network. When enabled, vault_context and vault_search query your local SQLite and Hive simultaneously.

Opt-in: disabled by default, KORVA_HIVE_DISABLE=1 kills it
Default-deny privacy filter before any upload
Hybrid search: local + community results in parallel
Hive failure never blocks your local context

Explore Hive

vault_context({ project: "payments" })
// → hybrid result in 142ms

{
  context: [              // local SQLite
    { type: "incident",
      title: "Race condition in payment processor",
      source: "local" },
    { type: "decision",
      title: "CQRS: no direct DB in controllers",
      source: "local" }
  ],
  hive_context: [         // community brain
    { title: "Decimal.js for monetary amounts",
      source: "hive", score: 0.94 },
    { title: "Webhook dedup via idempotency table",
      source: "hive", score: 0.87 }
  ],
  hive_status: "ok",
  sdd_phase:   "apply"
}

Teams in depth

Everything Community,
plus team scale.

The free Community core covers an individual developer or a small OSS project. Teams adds what an organization needs: shared skills, multi-profile workspaces, RBAC, audit log, code-health analytics and a private Hive.

Skill Hub

Versioned AI capabilities. Create once, sync org-wide. Your team's custom AI behaviors stored securely in Beacon.

Private Scrolls

Team-only architecture knowledge. Write scrolls directly in Beacon — no Git repo needed. Never sent to cloud.

Teams Management

Multi-member access. Invite tokens. Session control. Every team member gets their own vault profile with shared knowledge.

Audit Log

Immutable history. Every admin action logged for compliance. Who saved what, when, and from where.

Capability comparison

highlighted = Teams-only

Capability	Community	Teams
Lore scrolls (knowledge)	public	public+private
Custom AI skills (versioned)	—	hub
Workspace profiles	single	multi
Hive cross-team sync	public	private+public
RBAC + invite tokens	—	roles+invite
Audit log	—	immutable
Code-health analytics	—	A–F + trend
Pattern mining	—	auto-mining
Beacon dashboard	✓	✓ + analytics
Support	GitHub	email + SLA

Multi-profile workspace

Teams

Each developer can switch between team profiles — frontend, backend, devops — and the active scrolls, skills and Sentinel rules switch with them. No more bloated context.

~/.korva/profiles/

frontend active

backend

devops

Active scrolls (frontend)

📜 react-perf 📜 a11y-core 📜 design-system

$ korva profile use backend → Lore + Sentinel + Skills swap atomically

From Community to Teams in 3 commands

No migration script, no data move. Your existing vault stays exactly where it is.

1 Activate the license

Paste your Teams license key. Vault verifies the JWS signature locally with the embedded public key.

$korva license activate KORVA-XXXX-XXXX

2 Wire the team profile

Point Korva at your private Git profile repo. Custom Sentinel rules, private scrolls and skills clone in.

$korva init --profile [email protected]:org/profile.git

3 Invite teammates

Generate a one-time invite token from Beacon. Each teammate runs korva join — they are ready in seconds.

$korva team invite --role=member

Teams license is offline-first

No daily check-in required. 7-day grace window. If the licensing server disappears, the vault keeps working — no data is ever locked behind a paywall.

See pricing Talk to sales

SDD Workflow

5 phases that stop AI
from diving straight into code.

Forge guides your AI through a structured Spec-Driven Development workflow. Two human-approval gates between Specification and Design + Design and Implementation block advancement until your criteria are met. Internally tracked in nine vault states for full audit.

Explore

Map the problem space, identify knowledge gaps, surface constraints. Understanding before solutions.

Propose

Define 2–3 solution approaches with trade-off analysis and testing strategy.

Spec

Write formal requirements with testable acceptance criteria in Given/When/Then format.

Design

Define module structure, DI contracts, interfaces. All dependencies must be mockable.

Tasks

Decompose into atomic implementation tasks. Every task must have a paired test task.

Apply

Gated

Write the code. 22 quality criteria enforced. No debug output, no hardcoded secrets.

Quality gate — score ≥70 required

Verify

Gated

Full test suite passes with -race flag. Coverage ≥70%. E2E tests for critical paths.

Quality gate — score ≥70 required

Onboard

Update team skills with new patterns. Share QA findings. Create templates for future tasks.

Quality gates at phases 6 and 7 require vault_qa_checkpoint(gate_passed=true) before advancing. Score ≥70 required.

Learn how SDD works

Harness Engineering

Stop prompting one file at a time.
Delegate a whole backlog.

Harness turns your AI assistant from a one-shot code generator into an autonomous engineer that works a declarative feature backlog — picking the next task, writing the spec, implementing it, and reporting back. The same contract works across 7 editors.

Every feature moves through an explicit state machine

pending

in_progress

done

blocked

Each transition is recorded in the vault — a full, auditable trail of what the AI did and when.

Declarative backlog

A feature_list.json the AI reads to pick the next item and update as it works. Context survives between sessions — no more re-briefing the agent every prompt.

One contract, 7 editors

A universal AGENTS.md plus per-editor configs for Claude Code, Cursor, Windsurf, Continue, GitHub Copilot, Aider and Codex CLI. Switch tools without losing the workflow.

Spec-author + spec-reviewer

Dedicated subagents draft EARS specifications and review them against an approval gate before a single line of code is written.

CI-enforced invariants

One command wires a GitHub Actions workflow that validates harness state and spec quality on every push — the backlog can never drift.

The same harness, across your whole team

Claude CodeCursorWindsurfContinueGitHub CopilotAiderCodex CLI

14 dedicated MCP tools drive the backlog — init, next, start, done, block, spec, review and more.

See how Harness works $korva harness

MCP Tools

46 tools. 8 IDEs.
Three permission profiles.

Korva exposes 46 tools via the Model Context Protocol — agent profile (41 tools, full workflow), readonly profile (17 tools, search-only), admin profile (46 tools, includes deletes). Works natively in Claude Code, Cursor, Windsurf, GitHub Copilot, Codex, OpenCode, Gemini CLI and VS Code — no custom integration required.

vault_context — session start

// Called at session start with file context
vault_context({ project: "payments", prompt: "add checkout",
  file_paths: ["src/checkout.ts"], budget_tokens: 4000 })

→ sdd_phase:     "apply"
→ observations:  89 loaded  (local + hive)
→ team_skills:   3 loaded
→ auto_skills:   ["stripe-webhooks", "pci-dss"]  ← auto-loaded
→ hive_status:   "ok"  5 community patterns
→ merged_in:     142ms

Used when

Used at session start, before any work begins

Editors

Claude Code

Cursor

Windsurf

Copilot

+4 more

View full MCP reference

46 tools across 8 groups — every one callable from any MCP editor.

Core Memory 10 tools

Save, search, retrieve and time-line every observation — the read/write foundation of the vault.

vault_savevault_updatevault_getvault_deletevault_searchvault_hintvault_contextvault_timelinevault_queryvault_stats

Capture & Bulk 4 tools

Extract learnings from raw text, bulk-import in one call, and store reusable prompt templates.

vault_capturevault_capture_passivevault_bulk_savevault_save_prompt

Sessions 2 tools

Open and close tracked AI work sessions with automatic summaries.

vault_session_startvault_session_end

Relations & Conflict 4 tools

Link observations, scan for conflicts, and adjudicate contradictory knowledge.

vault_relatevault_judgevault_comparevault_merge_projects

SDD Workflow 3 tools

Drive the Spec-Driven Development phase machine and its quality-gate checkpoints.

vault_sdd_phasevault_qa_checklistvault_qa_checkpoint

Intelligence 5 tools

Code-health scoring, pattern mining, skill matching and token compression.

vault_code_healthvault_pattern_minevault_skill_matchvault_compressvault_summary

Project & Team 4 tools

Auto-detect the active project, manage topic keys, and load team skills and scrolls.

vault_current_projectvault_suggest_topic_keyvault_team_contextvault_export_lore

Harness Engineering 14 tools

The 14-tool backlog engine — init, pick the next feature, start, complete, block and spec.

vault_harness_initvault_harness_statusvault_harness_listvault_harness_nextvault_harness_startvault_harness_donevault_harness_blockvault_harness_reopenvault_harness_addvault_harness_specvault_harness_readyvault_harness_checkvault_harness_spec_reviewvault_harness_ci_install

Works natively with

Claude Code Cursor Windsurf GitHub Copilot Gemini CLI OpenCode OpenAI Codex VS Code + any MCP-compatible IDE

Beacon · the dashboard

Your private vault,
visualized.

Beacon is the React 19 dashboard embedded inside the korva-vault binary. It serves your observations, sessions, scrolls and admin from a single window — opened with one click after install.

Runs at http://localhost:7437 · served by your local vault, never by Korva’s servers

localhost:7437

connected

Projects

payments-api

247 obs · sdd: apply

auth-service

89 obs · sdd: verify

user-portal

156 obs · sdd: archive

payments-api

active 247 observations

incident

Race condition in payment processor

#stripe#race-cond 2h ago

pattern

Idempotency key required on POST /charge

#stripe#idempotent 1d ago

decision

CQRS over CRUD — no direct DB in controllers

#arch#cqrs 3d ago

learning

Use Decimal.js for monetary amounts (avoid float)

#stripe#precision 1w ago

Full-text search

SQLite FTS5 across every observation. Filter by type, project, date or skill match.

Live session view

Watch your AI assistant call MCP tools in real time, with timing and source attribution.

Lore + Skills editor

Activate community scrolls or write team-private ones — no Git commit required.

Admin & audit

License status, team invitations, RBAC roles and an immutable audit log of every admin action.

Local · default

After running korva start, Beacon is already up. Open localhost:7437 in your browser — that is it.

$korva start && open http://localhost:7437

Served from the embedded SPA — works offline, no Korva servers involved.

Hosted demo · vault.korva.dev

A read-only Beacon demo with sample data. Useful for evaluating the UX before installing the binary.

→https://vault.korva.dev (public demo)

Demo only — your real vault always lives on your machine, never on vault.korva.dev.

How it works

One install. Three commands.
AI that knows your codebase.

Korva plugs into the editors you already use — no new interface to learn, no cloud account to create.

Step 01

Install Korva

One-line install via Homebrew (macOS/Linux) or PowerShell (Windows). Korva CLI + Vault server land on your machine in under 30 seconds.

$ brew install alcandev/tap/korva

The vault server starts automatically and listens on :7437 — fully local, no cloud.

Step 02

Connect Your Editors

One command auto-configures VS Code, Claude Code, and Cursor to use Korva as an MCP server. No manual JSON editing.

$ korva setup --all

Idempotent — safe to run multiple times. Merges with your existing editor config.

Step 03

Your AI Remembers

Every decision, bug fix, and pattern is stored locally. Your AI retrieves relevant context before each session — automatically.

→ vault_context loaded: 47 obs

Full-text search across your entire history. Privacy filter auto-redacts secrets.

How Korva connects to your editors

Your editors

VS Code + Copilot

Claude Code

Cursor

MCP protocol

stdin/stdout

↓

Korva Vault

korva-vault

localhost:7437

46 MCP tools

SQLite + FTS5

Privacy filter

protected

admin.key

↓

Your machine

~/.korva/vault/observations.db

~/.korva/admin.key

~/.korva/profiles/

No network connections leave localhost — ever

Privacy & Security

Local-first.
Cloud-connected on your terms.

Korva is engineered around a hard separation between what is public, what your team manages in the cloud, and what stays on your machine. Zero telemetry. Cloud sync is opt-in only. Every secret crosses an explicit boundary.

The 3-layer architecture

Layer 1

Public — github.com/AlcanDev/korva

MIT-licensed core: CLI, Vault engine, Sentinel, Lore engine, MCP tools, generic architecture rules. Zero knowledge of your team's data — every byte here is industry-generic.

Core engine · CLI · Vault · Sentinel · Lore · 25 curated scrolls

Pulls config locally on demand

Layer 2

Cloud — licensing.korva.dev

Your team's private config lives in the cloud, encrypted per team with AES-256-GCM. Manage scrolls, rules, AI instructions, and skills via the team portal. Config is pulled locally on demand — the cloud never initiates contact.

Team scrolls · Custom rules · AI instructions · Skills · AES-256 encrypted

Local Vault

Always on your machine (~/.korva/). SQLite database, admin.key, session data. Never synced without your explicit action.

observations.db · admin.key (0600) · private data

Local Vault

Always on your machine (~/.korva/). SQLite database, admin.key, session data. Never synced without your explicit action.

observations.db · admin.key (0600) · private data

admin.key — 0600 + constant-time auth

32 random bytes generated by crypto/rand. Stored at ~/.korva/admin.key with permission 0600. Compared with crypto/subtle.ConstantTimeCompare — immune to timing attacks. Never logged, never synced.

Privacy filter at the boundary

Every observation passes through internal/privacy.Filter() before any SQLite INSERT. Built-in redaction for password, token, secret, api_key, Bearer headers and <private>...</private> blocks. Custom patterns via vault.private_patterns.

JWS RS256 license verified offline

Paid tiers ship an RSA-4096 signed JWS token. Verified locally with the public key embedded in the binary — no network call. Optional 24h heartbeat keeps it fresh; degrades gracefully if offline 7+ days.

Hive opt-in by default-deny filter

The optional cross-team sync (Hive) only ships content-addressed chunks of allow-listed types (pattern / decision / learning) and only after the privacy filter passes. KORVA_HIVE_DISABLE=1 kills outbound traffic with a single env var.

Korva Hive

The opt-in community layer

Hive is an optional cloud that blends anonymized patterns from the Korva network into your context. Every observation crosses a default-deny privacy filter before it ever leaves your machine — and a single env var kills all outbound traffic.

Default-deny filter strips PII, secrets and file paths
KORVA_HIVE_DISABLE=1 — instant kill-switch
Hybrid context: local + community, merged in ~142ms

Explore Korva Hive

Pricing

Free forever for the core.
Pay only for team scale.

The full open-source core — Vault, Sentinel, Lore, Forge, Beacon, CLI — is MIT licensed and free for life. The Teams tier adds shared knowledge, code-health analytics, pattern mining, multi-profile, RBAC, audit log and SLA support. Launch pricing locks in for 12 months from first activation.

Community

$0

Forever. MIT license. No credit card.

The full local-first core for individual developers and OSS projects.

Install now

Vault — persistent SQLite memory, 46 MCP tools
Sentinel — built-in architecture & security guardrails
Lore — 25 curated knowledge scrolls
Forge — 5-phase Spec-Driven Development workflow
Beacon — local web dashboard
Team Profile via private Git repo
Korva Hive — opt-in community cloud sync
Works with 8 IDEs: Claude Code, Cursor, Windsurf, Copilot, Codex, OpenCode, Gemini, VS Code
macOS, Linux, Windows — single binary, no CGO
MIT license — no telemetry, no SaaS lock-in

Teams Most Popular

$9 /user/month

Annual prepaid · 3-seat minimum · launch price locked 12 months

For teams that need shared knowledge, code-health analytics and a private brain.

Get Teams

Everything in Community — Vault + MCP, all curated scrolls, Sentinel, Forge SDD, Beacon
Skills Hub + Smart Skill Auto-Loader (file pattern + keyword scoring)
Private Scrolls editor in Beacon (no Git required)
Multi-profile workspaces (frontend / backend / devops)
Hive cross-team sync (private cloud, self-hosted)
RBAC + immutable audit log
vault_code_health — A–F code grade analytics with trend
vault_pattern_mine — emergent pattern detection
Beacon analytics dashboard (sessions, gates, skills)
Email support + SLA · offline-first license (RS256 JWS, 7-day grace)

How the offline-first license works

The Teams tier ships an RS256 JWS license token, stored locally at ~/.korva/license.key. The vault verifies the signature on each start with the public key embedded in the binary — no network call required. An optional daily heartbeat keeps the license fresh. If the licensing server is unreachable for 7+ days, the vault degrades gracefully to Community tier (no data is ever deleted).

$ korva license activate KORVA-XXXX-XXXX-XXXX-XXXX

Get started

Up and running in
30 seconds.

Single command for each OS. No Docker required. No cloud accounts. No credit card.

1

Install via Homebrew

$brew install alcandev/tap/korva

Installs korva CLI + korva-vault binary. Vault starts automatically on port 7437.

2

Initialize your workspace

$korva init

Creates ~/.korva/ with default config, generates admin.key (0600 permissions), starts vault server.

3

Connect your AI editors

$korva setup --all

Auto-configures VS Code, Claude Code, and Cursor. Idempotent — safe to run again.

4

Optional: add team profile

$korva init --profile [email protected]:YOUR_ORG/korva-team-profile.git

Clones private team scrolls, rules, and copilot instructions into your local workspace.

5

Optional: connect to Teams cloud Teams

$korva connect https://portal.korva.dev K0RVA-XXXX-XXXX-XXXX-XXXX

Connect to your organization's Korva portal. Unlocks shared skills, private scrolls, and team analytics. Requires a Teams license.

No Homebrew? Use the shell installer:

$ curl -fsSL https://korva.dev/install.sh | bash

macOS 13+

Linux (x64/arm64)

Windows 10+

No Docker needed

No cloud account

No root/sudo

Open Source

Built in the open.
Free forever.

Korva is MIT licensed and will always be free. Every line of code is on GitHub. No vendor lock-in, no subscription traps.

A mature codebase, built in the open

v1.36.2

current release

20+

dev phases shipped

127

REST API endpoints

46

MCP tools

100%

local by default

MIT

open-source license

No fabricated testimonials. Just a public changelog and verifiable numbers. CHANGELOG →

⚖️

MIT License

Use Korva in commercial projects. Modify it. Redistribute it. Build your own tools on top of it. The only requirement is to keep the copyright notice.

Read the license

Ways to contribute

📜

Write a Scroll

Add knowledge for your stack (Next.js, Laravel, Rust, etc.) to the curated lore library.

🛡️

Add Sentinel rules

Contribute architecture validation rules for new patterns (DDD, Clean Architecture, etc.).

🐛

Report bugs

Open an issue on GitHub. Good bug reports with reproduction steps are invaluable.

⭐

Star the repo

Helps other developers discover Korva. Even small gestures grow the community.

Read CONTRIBUTING.md

github.com/AlcanDev/korva

korva/

├─ internal/ ← shared Go packages

├─ vault/ ← SQLite + MCP server

├─ cli/ ← korva CLI (Cobra)

├─ sentinel/ ← pre-commit hooks

├─ lore/ ← 25 curated scrolls

├─ forge/ ← SDD workflow phases

├─ beacon/ ← React dashboard

├─ LICENSE ← MIT

├─ go.work ← Go workspace

Built with

Go 1.26+ SQLite + FTS5 MCP Protocol Cobra CLI Bubbletea TUI React 19 Vite 6 Tailwind CSS modernc/sqlite ULID MIT License

AlcanDev / korva

github.com/AlcanDev/korva

FAQ

Common questions

Self-hosting & Compliance

Still have questions?

Ask on GitHub Discussions

AI infrastructure for development teams. Memory. Guardrails. Knowledge.

Your AI forgets everything after every session.

Context amnesia

Pattern drift

Knowledge locked in heads

An infrastructure layer between your team and every AI.

One server, six services, zero cloud lock-in.

The six modules

When each service kicks in

Different roles, different wins.

Stop re-explaining your codebase

Enforce architecture without writing rules

Scale knowledge across your team

AI productivity without compliance risk

Six components that make your AI agents actually good.

Vault — Persistent AI Memory

Sentinel — AI Guardrails on Every Commit

Lore — Knowledge Injected on Demand

Forge — Spec-Driven AI Development

Beacon — Web Dashboard

Hive — Community Cloud Brain

Everything Community, plus team scale.

Capability comparison

Multi-profile workspace

From Community to Teams in 3 commands

5 phases that stop AI from diving straight into code.

Explore

Propose

Spec

Design

Tasks

Apply

Verify

Archive

Onboard

Stop prompting one file at a time. Delegate a whole backlog.

Every feature moves through an explicit state machine

Declarative backlog

One contract, 7 editors

Spec-author + spec-reviewer

CI-enforced invariants

46 tools. 8 IDEs. Three permission profiles.

Your private vault, visualized.

Full-text search

Live session view

Lore + Skills editor

Admin & audit

One install. Three commands. AI that knows your codebase.

Install Korva

Connect Your Editors

Your AI Remembers

How Korva connects to your editors

Local-first. Cloud-connected on your terms.

The 3-layer architecture

Public — github.com/AlcanDev/korva

Cloud — licensing.korva.dev

Local Vault

Local Vault

admin.key — 0600 + constant-time auth

Privacy filter at the boundary

JWS RS256 license verified offline

Hive opt-in by default-deny filter

The opt-in community layer

Free forever for the core. Pay only for team scale.

How the offline-first license works

Up and running in 30 seconds.

Built in the open. Free forever.

A mature codebase, built in the open

MIT License

Ways to contribute

Built with

Common questions

Self-hosting & Compliance

AI infrastructure
for development teams.
Memory. Guardrails. Knowledge.

Your AI forgets everything
after every session.

An infrastructure layer
between your team and every AI.

One server, six services,
zero cloud lock-in.

Different roles,
different wins.

Six components that make
your AI agents actually good.

Everything Community,
plus team scale.

5 phases that stop AI
from diving straight into code.

Stop prompting one file at a time.
Delegate a whole backlog.

46 tools. 8 IDEs.
Three permission profiles.

Your private vault,
visualized.

One install. Three commands.
AI that knows your codebase.

Local-first.
Cloud-connected on your terms.

Free forever for the core.
Pay only for team scale.

Up and running in
30 seconds.

Built in the open.
Free forever.