FAQ
Both. Kavach operates as a hybrid security layer. While a traditional firewall blocks network traffic, Kavach blocks unauthorized state changes.
It uses low-level Rust OS hooks to monitor file system events and process spawns in real time, acting as a tactical gatekeeper between your AI agent and your kernel.
When an agent is flagged as Untrusted, Kavach utilizes Dynamic Path Redirection.
- The Process: If the agent attempts to write to C:/Projects/MyProject/src/main.rs, Kavach intercepts the system call at the OS level and redirects the operation to a hidden, temporary directory: AppData/Local/Kavach/Phantom/src/main.rs.
- The Deception: The agent receives a "Success" signal from the OS, allowing it to continue its logic loop without realizing it has been "ghosted." Your original source code remains untouched and pristine.
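As an added illustration of the decision behind Dynamic Path Redirection (example code, not Kavach's own), the Rust below maps an untrusted agent's write target under a protected project root onto the phantom directory. The Trust enum, the protected-root list and the phantom root are assumed names; paths are normalised lexically first, so a ".." in the requested path cannot make the redirected write land outside the phantom tree.

```rust
use std::path::{Component, Path, PathBuf};

/// Trust state assigned to an agent process (assumed type, not Kavach's own API).
#[derive(Clone, Copy, PartialEq, Debug)]
pub enum Trust {
    Trusted,
    Untrusted,
}

/// Lexically normalise a path: resolve "." and ".." without touching the file system,
/// so "src/../../Other/x.rs" is compared against the protected root as "Other/x.rs"
/// rather than being joined verbatim under the phantom root.
pub fn normalize(p: &Path) -> PathBuf {
    let mut out = PathBuf::new();
    for c in p.components() {
        match c {
            Component::CurDir => {}
            Component::ParentDir => {
                out.pop();
            }
            other => out.push(other.as_os_str()),
        }
    }
    out
}

/// Decide where a write should actually land. Some(path) means the write is redirected
/// into the phantom tree; None means it proceeds to the requested path unchanged.
pub fn redirect_write(
    trust: Trust,
    requested: &Path,
    protected_roots: &[&Path],
    phantom_root: &Path,
) -> Option<PathBuf> {
    if trust == Trust::Trusted {
        return None;
    }
    let req = normalize(requested);
    for root in protected_roots {
        if let Ok(rel) = req.strip_prefix(normalize(root)) {
            // Keep the project-relative layout so the agent's later reads of its own
            // writes still resolve inside the phantom tree.
            return Some(phantom_root.join(rel));
        }
    }
    None
}

fn main() {
    let roots = [Path::new("C:/Projects/MyProject")];
    let phantom = Path::new("AppData/Local/Kavach/Phantom");
    let req = Path::new("C:/Projects/MyProject/src/main.rs");
    match redirect_write(Trust::Untrusted, req, &roots, phantom) {
        Some(p) => println!("write to {} ghosted to {}", req.display(), p.display()),
        None => println!("write to {} proceeds unchanged", req.display()),
    }
}
```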
Absolutely not. Kavach is built on a Zero-Cloud Architecture.
- All telemetry data, file caches for Temporal Rollback, and audit logs are stored in a local, encrypted SQLite database on your machine.
- The application runs entirely offline. Even the "Direct Line" feedback module only transmits data you explicitly choose to share.
Privacy is the core mission of Kavach.
Modern multimodal AI (like GPT-4o or Claude 3.5) can "see" your screen and "click" buttons using RPA. To prevent a rogue AI from simply clicking "Approve" on a Kavach alert:
- Synthetic Block: Kavach's Rust backend filters and rejects all input events flagged by the OS as LLMHF_INJECTED or synthetic.
- Visual Blinding: The alert UI uses adversarial noise patterns and dynamic CSS shifting. These are easy for humans to read but are specifically designed to trigger hallucinations in AI vision models, preventing the AI from "reading" the prompt.
This is a False Positive. Because Kavach is a low-level security tool that monitors other processes, Windows Defender and macOS Gatekeeper identify this behavior as "suspicious" for an unsigned binary.
Solution: You can safely bypass this by clicking "More Info" -> "Run Anyway" on Windows, or allowing it via "System Settings > Privacy & Security" on macOS.
Status: PERIMETER SECURED