Korva is engineered around a hard separation between what is public, what your team manages in the cloud, and what stays on your machine. Zero telemetry. Cloud sync is opt-in only. Every secret crosses an explicit boundary.
MIT-licensed core: CLI, Vault engine, Sentinel, Lore engine, MCP tools, generic architecture rules. Zero knowledge of your team's data — every byte here is industry-generic.
Core engine · CLI · Vault · Sentinel · Lore · 25 curated scrolls
View on GitHubYour team's private config lives in the cloud, encrypted per team with AES-256-GCM. Manage scrolls, rules, AI instructions, and skills via the team portal. Config is pulled locally on demand — the cloud never initiates contact.
Team scrolls · Custom rules · AI instructions · Skills · AES-256 encrypted
Open team portalWhere the actual data lives: vault.db (your observations), admin.key (mode 0600), hive.key, install.id, runtime state. Never leaves this machine without your explicit action — Hive sync is opt-in and filtered.
vault.db · admin.key · hive.key · install.id · session token
How the Vault works32 random bytes generated by crypto/rand. Stored at ~/.korva/admin.key with permission 0600. Compared with crypto/subtle.ConstantTimeCompare — immune to timing attacks. Never logged, never synced.
Every observation passes through internal/privacy.Filter() before any SQLite INSERT. Built-in redaction for password, token, secret, api_key, Bearer headers and <private>...</private> blocks. Custom patterns via vault.private_patterns.
Paid tiers ship an RSA-4096 signed JWS token. Verified locally with the public key embedded in the binary — no network call. Optional 24h heartbeat keeps it fresh; degrades gracefully if offline 7+ days.
The optional cross-team sync (Hive) only ships content-addressed chunks of allow-listed types (pattern / decision / learning) and only after the privacy filter passes. KORVA_HIVE_DISABLE=1 kills outbound traffic with a single env var.
We handle security reports through GitHub Security Advisories. We acknowledge in 48 hours and publish critical patches in ~7 days.