Security and Compliance

Kothar builds the Forge with research-grade security controls so teams can focus on discovery while keeping data protected. The highlights below describe how we safeguard workspaces, agents, and supporting services.

Platform and Data Protection

• Encryption: all traffic between the Workshop, agents, and Kothar APIs is encrypted in transit using TLS 1.2+ with modern ciphers. Customer data stored in Forge services is encrypted at rest.
• Isolation: each workspace operates within isolated namespaces. Files and execution artifacts are scoped to the workspace that created them.
• Authentication and authorization: user access relies on secure, token-based authentication. Role assignments determine which workspaces users can open and which administrative tasks (such as creating agents) they can perform.

Agent Security

• Secure channel: personal agents establish outbound, mutually authenticated connections to https://api.kotharcomputing.com/. No inbound ports need to be opened on the host machine.
• Integrity: agent images and runtime layers are signed. The agent verifies every component before execution, preventing tampering or downgrades.
• Least privilege: agents run in containers separate from the host user environment. Users can enforce additional Docker resource or capability limits to match local policies.

Operational Practices

• Monitoring and logging: Kothar monitors the Forge platform for availability, security events, and anomalous behavior. Internal logs capture audit trails for key actions.
• Incident response: dedicated on-call responders investigate and remediate incidents. Customers are notified if an event affects their data or availability.
• Updates: platform services and agents receive regular security updates. Agents self-update when new versions are released, and teams can restart them on demand.