Skip to main content

Security and Compliance

Kothar builds the Forge with research-grade security controls so teams can focus on discovery while keeping data protected. The highlights below describe how we safeguard workspaces, agents, and supporting services.

Platform and Data Protection

  • Encryption: all traffic between the Workshop, agents, and Kothar APIs is encrypted in transit using TLS 1.2+ with modern ciphers. Customer data stored in Forge services is encrypted at rest.
  • Isolation: each workspace operates within isolated namespaces. Files and execution artifacts are scoped to the workspace that created them.
  • Authentication and authorization: user access relies on secure, token-based authentication. Role assignments determine which workspaces users can open and which administrative tasks (such as creating agents) they can perform.

Agent Security

  • Secure channel: personal agents establish outbound, mutually authenticated connections to https://api.kotharcomputing.com/. No inbound ports need to be opened on the host machine.
  • Integrity: agent images and runtime layers are signed. The agent verifies every component before execution, preventing tampering or downgrades.
  • Least privilege: agents run in containers separate from the host user environment. Users can enforce additional Docker resource or capability limits to match local policies.

Kai and Workspace Context

Kai operates within the current workspace and uses context that is relevant to the request, such as the active editor, selected output, workspace files, documentation, and durable workspace preferences. File edits remain user-controlled: Kai prepares or applies changes only when the user asks for edits or enables the Workshop option that allows Kai to edit files.

Operational Practices

  • Monitoring and logging: Kothar monitors the Forge platform for availability, security events, and anomalous behavior. Internal logs capture audit trails for key actions.
  • Incident response: dedicated on-call responders investigate and remediate incidents. Customers are notified if an event affects their data or availability.
  • Updates: platform services and agents receive regular security updates. Agents self-update when new versions are released, and teams can restart them on demand.