Frequently asked questions
Answers to the obvious objections
vs other tools
Q. How is this different from Vercel or Supabase?
Kraph covers the same shipping loop (frontend + backend + auth + data), then adds Forge + MCP, x402 per-call metering, independent operators, and confidentiality controls for production paths. It is an independent project built around compatible open-source components.
Q. What is Forge?
Forge is Kraph’s in-browser AI builder for full-stack apps. You iterate on UI + logic while targeting the same Postgres/Auth/Storage/Functions stack provisioned by the network. Open it at forge.kraph.com/build.
Q. Is Kraph a Supabase competitor?
Kraph is not Supabase, but it is Supabase-compatible by orchestrating the same open-source components many teams already use. The differentiation is the bundle: AI builder + agent provisioning + stablecoin-metered tool calls + encrypted replication + decentralized placement + attested hardware options.
Q. How is this different from AI app builders that only ship frontend?
Kraph combines builder flow with production backend primitives: Postgres, auth, realtime, storage, edge functions, encrypted secrets, optional x402 metering via MCP, encrypted replication, and independent node supply.
security & secrets
Q. Can Kraph or node operators read my API keys and secrets?
Secrets are encrypted at rest on nodes. On mainnet SEV-SNP placement, plaintext is intended to exist only in attested runtime paths during apply; on devnet, assume operators could observe brief decrypt windows. The gateway remains part of today’s trust boundary for orchestration and some auth/payment flows; see the whitepaper.
Q. Which AI model does Forge use? Can I pick my own?
Forge uses a built-in assistant today. Coming soon, you can choose your model (Claude, Codex, Gemini, or compatible endpoints) inside Forge.
For backend integrations, keep provider keys in function-scoped secrets via kraph_set_env.
Q. How are API keys and third-party tokens protected?
Store them in function-scoped env vars with kraph_set_env (encrypted at rest). On mainnet attested placement, plaintext exists only briefly in runtime apply paths.
Continue least-privilege practices: rotate keys, scope tools, and audit agent access.
Q. Can an existing app or agent use Kraph?
Yes. Kraph is a backend/hosting layer: connect to provisioned URLs + keys. Typical flow is kraph_provision through MCP or Forge-first, then swap env vars/endpoints like any Supabase-shaped project.
Q. How do secrets and env vars get handled?
Env rows are stored encrypted at rest and applied at runtime. Mainnet attested placement reduces host-memory exposure; devnet should be treated as non-confidential.
kraph_list_env returns key fingerprints by default; include values only when explicitly requested.
network & payments
Q. Why does this need Solana?
Solana provides wallet identity, low-cost USDC settlement, and programmable registry rails so agents can pay one infrastructure action at a time via x402.
Q. Where does the DePIN part show up?
Infrastructure is supplied by independent nodes. Kraph coordinates placement, payment, encrypted replication, and attestation checks while keeping a familiar Postgres/Supabase-shaped developer surface.
Q. Isn't a distributed database impossible with CAP?
Kraph is not a distributed database. Each workload gets a single primary Postgres instance; decentralization applies to placement, settlement, and encrypted replication/backups.
Q. What if a node dies?
Encrypted WAL segments replicate to multiple nodes. If a primary fails, recovery replays from encrypted backup on reassigned infrastructure.
Q. Is this actually fast?
Provisioning is designed for fast startup versus traditional hosted project bootstraps, and ongoing query latency is whatever the underlying Postgres + API path deliver on selected nodes.
Q. What do you mean by privacy-first hosting?
Access is wallet-authenticated instead of card-account first. Billing identity and workload confidentiality are separate layers; confidentiality depends on encryption + placement tier.
Q. Can the node operator read my data?
On attested mainnet placement, host visibility is reduced by hardware memory encryption plus measurement checks before placement. On devnet, assume operators may inspect runtime state.
Q. Do I need crypto as an end user?
Developers using MCP today use wallets (or Privy) for x402 settlement. End-user product experiences may abstract wallet handling over time.
Q. How do node operators get paid?
Approved operators receive USDC vendor payments for delivered infrastructure under service terms and compliance checks.