What does 'kavachOS' mean?

kavachOS is a portmanteau of 'kavach' (Sanskrit for 'armor') and 'OS' (operating system). The name describes the library's role: an operating layer that shields every identity, call, token, and delegation in an application.

How is 'kavach' pronounced?

Ka-vach. In Sanskrit (कवच), it means 'armor': the layered, protective armor warriors wore into battle.

A TypeScript library for authentication and authorization, covering both AI agents and human users. It provides identity, permissions, delegation chains, audit trails, and MCP OAuth 2.1 in a single package. MIT licensed, edge-native.

00/Use case · AI startups

Auth built the way AI startups actually ship.

Most AI startups bolt a shared API key onto their agent and ship. KavachOS gives each agent its own identity, scoped permissions, and an audit trail without a dedicated platform engineer. Free up to 1,000 MAU. MIT licensed. Runs on Cloudflare Workers, Vercel, Node, Bun, Deno.

Start free Read the quickstart

01/TL;DR

Three things that matter.

One afternoon to production

Install the npm package, add middleware to your framework, point env vars at KavachOS Cloud. Your LLM calls start carrying scoped tokens.

Agent identity out of the box

Every agent gets a cryptographic subject, a parent user, a scope subset, and an audience claim. No glue code required.

Pricing that survives your seed round

Free to 1,000 MAU, $29 for 10,000, $79 for 50,000. No per-agent fee, no M2M surcharge, no organization tax.

02/The problem

The auth stack most AI startups ship with.

You glued OpenAI calls into a Next.js app, added Clerk for human login, and stored a single API key in an env var so your agent could call your own backend. It works for demo day. It breaks the first time you try to ship to customers.

One API key for every agent

A single leaked prompt or misrouted log line exposes the key that every agent in the system shares.

No audit trail per agent

When a customer asks 'which agent did this', the only honest answer is 'our service account'.

Auth vendor pricing breaks at 10k MAU

Auth0 Essential is $240 per month at 10,000 MAU. Clerk Pro is $250. Neither includes machine tokens.

Scopes live in a prompt template

The only thing stopping the agent from calling a dangerous tool is a line in the system prompt. That is not authorization.

03/How kavachOS fits

Scoped identity, delegation, audit. Shipped as primitives.

KavachOS was designed for the class of app where a user signs in once and then delegates to an agent that keeps running. Every primitive assumes that shape.

Identity

Every agent gets its own subject

Instead of reusing the user's session, you mint a delegation token bound to one agent, one tool server, and one TTL. The token carries the parent user, the scope subset, and an audience claim. Revoking one agent does not log the user out.

Primitive 01

Scopes

Scopes are enforced at the tool server

Authorization is a signature check, not a prompt instruction. The tool server verifies the token, the scope, and the audience before running the handler. If the scope is missing, the call fails before the handler sees it.

Primitive 02

Audit

Every delegation hop is logged

Parent user, child agent, scope delta, resource, outcome. When a customer asks who did what on their account, you answer with a query, not a shrug.

Primitive 03

Revocation

Kill the parent, every agent stops

Offboarding a user is a single revoke call. Downstream agent tokens stop verifying the next time they hit a resource server. No orphaned credentials.

Primitive 04

Adapters

First-class adapters for the stacks you actually use

Next.js App Router, Hono on Cloudflare Workers, Express, Remix, Fastify. Plus a Vercel AI SDK helper that attaches the delegation context to tool calls.

Primitive 05

04/In code

The minimum you need to write.

Full examples with framework adapters live in the docs. This is the shape of what you wire into your app.

Open the quickstart

agent-login.ts

typescript

Exchange a user session for a scoped agent token. The agent token is what you pass to your tool server.

import { kavachos } from "kavachos";

const agent = await kavachos.delegate({
  parent: session.user,
  audience: "https://tools.example.com",
  scopes: ["inbox:read", "calendar:write"],
  ttlSeconds: 600,
  reason: "draft_weekly_summary"
});

// agent.token carries subject, parent, scopes, aud.
// Pass it to your tool server as a Bearer.
await fetch("https://tools.example.com/draft", {
  headers: { Authorization: `Bearer ${agent.token}` }
});

< 1 hr

Time to first agent token

Up to 1,000 MAU

27+

OAuth providers bundled

MIT

License on the core lib

05/Before / after

The difference shows up in the audit log.

Without scoped identity

one api key for every agent
no audit trail per agent
auth vendor pricing breaks at 10k mau

With kavachOS

every agent gets its own subject
scopes are enforced at the tool server
every delegation hop is logged

We replaced a shared service account with KavachOS delegation in a single sprint. The audit log alone paid for the migration the first time a customer asked what our scheduling agent was doing on their calendar.

Engineering lead· AI scheduling startup, seed stage

06/FAQ

What teams building for ai startups usually ask.

Short answers. Link out to the docs if you want the long version.

How is this different from just using Clerk or Auth0?

Clerk and Auth0 authenticate humans. They have no first-class concept of an agent subject with a parent, a scope subset, or an audience claim. You can simulate delegation with JWTs on top, but the audit model, revocation model, and pricing model all assume one human per session. KavachOS treats delegation as the default.

Can I keep my existing human auth and just add agent tokens?

Yes. KavachOS exposes a delegation endpoint that takes any signed session token or OIDC id_token from your existing provider. If you are on Clerk, NextAuth, or Auth0 today, you can mint agent tokens on top without replacing your human login.

Does this work with the Vercel AI SDK and LangGraph?

Yes. We ship a helper for the Vercel AI SDK that attaches the delegation context to each tool call, and a LangGraph middleware that does the equivalent for LangGraph nodes. Both pass the scoped token through to downstream tool servers.

What runtime does KavachOS support?

Node 18 and up, Bun, Deno, and Cloudflare Workers. The core library has zero native dependencies and compiles to the edge. If you are on Vercel Edge Functions or Cloudflare Workers, the auth middleware runs in the same request.

What happens at 50,000 MAU?

You are on the Growth plan at $79 per month. That includes agent identity, SSO (SAML, OIDC), SCIM provisioning, priority support, and a 99.9% SLA. There is no per-agent fee and no M2M surcharge. The next tier is Scale at $199 for 200,000 MAU.

Is the library actually open source?

Yes. The core kavachos npm package is MIT licensed and lives at github.com/kavachos/kavachos. The managed cloud is a separate product that runs the library as a service with a dashboard, billing, and hosted OAuth. You can self-host the library at any time.

07/Related reading

Keep going.

On kavachos.com

Ship agent auth before your next launch.

Free up to 1,000 MAU, no credit card. MIT licensed core. If you outgrow the cloud, self-host the same library on your infrastructure.

Join early access Read the docs Star on GitHub