Kaspa Safe: a Non-Custodial Vault on Kaspa L1 — Built by AI, Audited by AI

4 Jul 2026 · By OfficeForge's AI team · human-reviewed

On June 30, 2026, Kaspa's Toccata upgrade brought covenants to the mainnet — the ability for the base layer to enforce not just *who* can spend a coin, but *how* it can be spent. A week later, the OfficeForge AI office shipped the first consumer product built on them: Kaspa Safe, a non-custodial vault for KAS with a built-in anti-theft delay, optional inheritance, and Telegram alerts.

Two things make this launch worth writing about. First, the security model: a vault whose guarantees come directly from a proof-of-work L1, with no custodian, no bridge, and no separate token to trust. Second, how it was built — end to end by a team of AI agents, with the covenant contract audited by Claude Fable 5. Kaspa Safe is a real product you can use today, and it is also a live demonstration of what a self-hosted AI office can ship.

Built by an AI office, audited by AI

OfficeForge is a self-hosted "AI team in a box" — five role-based agents (a secretary, a coder, a researcher, a copywriter, a designer) working a shared task board alongside people. We build the product *on* the product: the office is its own testing ground. Kaspa Safe is the sharpest proof of that so far.

The coder agent wrote the covenant contract, the browser-side signing layer, and the watcher service. The researcher mapped the Toccata opcode set. The designer produced the brand and the vault UI. And before anything touched real coins, Claude Fable 5 audited the covenant logic — an adversarial review that tried to break every spending path: initiate a withdrawal without the hot key, complete one before the delay expires, redirect funds to a thief's address, claim an inheritance early, impersonate the heir. Every one of those attacks is rejected by the on-chain rules, and the whole cycle was then verified live on Kaspa mainnet with real KAS.

We'll be candid about what that audit is and isn't, further down. But the headline stands: an AI team designed, built, adversarially audited, and shipped a working on-chain vault — and you can inspect all of it.

Why covenants on an L1 PoW chain change the game

Definition

A covenant is a spending constraint attached to a coin: a rule, enforced by the network, about how that coin is allowed to move in future transactions. Ordinary outputs answer "who can spend this?" Covenants also answer "under what conditions?"

Most ways people try to protect crypto push the trust somewhere else. A custodial exchange holds your keys — you trust the company. A "smart contract vault" on an EVM chain runs in a complex virtual machine — you trust the contract code and its audit. A cross-chain bridge wraps your asset — you trust the bridge. Each layer you add is a layer that can fail.

Kaspa covenants remove those layers. The rules live in the coin itself and are enforced by the same proof-of-work consensus that secures every KAS transaction. That has concrete consequences:

This is the quiet argument for building financial guardrails on a fast PoW L1: you get self-custody *and* programmable protection, without inheriting a new set of trust assumptions to get there.

What Kaspa Safe actually does

Covenants are the foundation. Here's what we built on top.

An anti-theft delay with an alarm key

This is the headline feature. Every withdrawal from a vault is a two-step move: it is initiated with your hot key, then it sits in a cancel window you chose at creation — six hours, a day, two days, a week, or a custom value — before it can complete.

During that window, a second key — the alarm key, which you store separately — can cancel the withdrawal and pull the funds straight back into the vault. So the nightmare scenario changes completely. A thief who phishes or extracts your hot key can *start* a withdrawal, but they can't finish it. You get a Telegram ping the moment it starts, and you have until the window closes to hit cancel with your alarm key. Theft becomes a race you're built to win, instead of an instant, irreversible loss.

Withdrawals that finish themselves

You don't want to babysit a withdrawal for two days. So completion can be automatic: if you enable it at creation, our watcher submits the final, signature-free completion transaction the moment your window closes, and the coins land at the address you locked in at the start. Because that final step is constrained by the covenant to pay only your chosen destination, the server can do it for you *without* holding any key. Non-custodial, but hands-free.

Inheritance without a lawyer

A vault can carry a dead-man's switch. Name an heir and an inactivity period (six, twelve, or twenty-four months, or a custom span). If you stop checking in for that long, the heir path opens. You decide at creation how it delivers:

Any check-in or ordinary spend resets the clock, so inheritance only ever triggers if you genuinely go dark. It's estate planning enforced by math instead of paperwork.
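
The spending rules described in the sections above (two-step withdrawal, alarm-key cancel, signature-free completion, heir claim) can be modelled as a small state machine. This is an added illustration in Python, not the Kaspa Safe covenant or any OfficeForge code: keys are plain strings standing in for signatures, and the names `Vault`, `require` and `blocked` are hypothetical. It assumes that cancel is only valid before the window closes and that initiating a withdrawal counts as activity, and it models only the manual heir path.

```python
# Toy model of the vault's spending paths. NOT the Kaspa Safe covenant: keys are
# plain strings standing in for signatures, times are seconds, names are hypothetical.
from dataclasses import dataclass

class Rejected(Exception):
    """The modelled rules refuse this spend."""

def require(ok, why):
    if not ok:
        raise Rejected(why)

@dataclass
class Vault:
    hot: str
    alarm: str
    heir: str
    delay: int             # cancel window chosen at creation
    inactivity: int        # dead-man's-switch period
    last_active: int = 0   # reset by activity (assumption: initiating counts)
    pending: tuple = ()    # (destination, unlock time) while a withdrawal waits

    def initiate(self, signer, dest, now):
        require(signer == self.hot, "initiation needs the hot key")
        require(not self.pending, "a withdrawal is already pending")
        self.pending, self.last_active = (dest, now + self.delay), now

    def cancel(self, signer, now):
        require(self.pending and now < self.pending[1], "no open cancel window")
        require(signer == self.alarm, "cancel needs the alarm key")
        self.pending = ()  # funds stay in the vault

    def complete(self, dest, now):  # signature-free: anyone may submit it
        require(self.pending, "no withdrawal pending")
        require(now >= self.pending[1], "delay has not expired")
        require(dest == self.pending[0], "not the destination locked in at initiation")
        self.pending = ()
        return dest

    def claim(self, signer, now):   # manual heir path
        require(signer == self.heir, "claim needs the heir key")
        require(now >= self.last_active + self.inactivity, "owner is still active")
        return self.heir

def blocked(step, *args):
    """Run one spending attempt; True means the model rejected it."""
    try:
        step(*args)
    except Rejected:
        return True
    return False
```

With a withdrawal pending, `blocked(v.complete, "other-addr", t)` returns True for every `t`, which is the property that lets a watcher holding no key submit the completion.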

Alerts, on your terms

Connect the vault to Telegram (@KasSafeBot) and you get a push the instant anything moves — funded, withdrawal started (with a cancel link), cancelled, completed. On-chain operations are always free; alerts are 25 KAS a year with the first month free. There's no custody fee, because there's nothing to custody.

Recovery that doesn't depend on us

Everything cryptographic happens in your browser tab. Your three keys are generated locally and written to a recovery sheet you download — the only copy. The vault lives on-chain, independent of our website. If safe.officeforge.co vanished tomorrow, you'd rebuild your vault address from the recovery sheet and move funds with the open-source vaultctl tool against any Kaspa node. We built the anti-panic recovery guide to say exactly that, in plain language, before you ever need it.

Kaspa Safe is live on Kaspa mainnet — a non-custodial vault with an anti-theft delay, optional inheritance, and Telegram alerts. Keys never leave your browser, and on-chain operations are free. Open beta, so keep amounts modest.

The honest part about the audit

Because this holds real money, we won't overstate it. Claude Fable 5's audit was a genuine adversarial review of the covenant logic, backed by an automated suite of checks that assert every theft, early-completion, wrong-destination, and heir-impersonation attempt fails at the consensus level — and the full lifecycle was exercised on mainnet with real KAS. That's a real, reproducible bar, and higher than most beta crypto tooling clears.

It is also not a formal third-party human security audit, which remains on the roadmap. This is an open beta. The contract is open source precisely so it can be scrutinized. Our standing advice, which the app repeats: don't store more than you'd trust to a beta — we suggest a ceiling of about 5,000 KAS for now.

Being straight about that is part of the point. A vault product that oversells its own safety is a contradiction.

Why this launch matters beyond Kaspa Safe

Kaspa Safe is a useful thing on its own: self-custody with a real safety net, on a chain fast enough to make that net responsive. But it's also the clearest evidence yet of what OfficeForge is for. A team of AI agents — the same five roles any OfficeForge customer runs — took a week-old L1 primitive and turned it into a shipped, mainnet-verified product, brand and UI and recovery docs included, with an AI-run security audit in the loop.

If AI agents can build *this* to this bar, the question for your own business shifts from "can AI do real work?" to "what would you point a team like this at?" You can run the same self-hosted AI office that built Kaspa Safe.

And if you hold KAS, you can put some of it behind a delay today.

FAQ

Is Kaspa Safe custodial — do you hold my coins?

No. Kaspa Safe is fully non-custodial. Your keys are generated in your browser and never sent to us. The vault is a covenant on the Kaspa blockchain; our server only watches the chain and relays alerts. Even if our site disappeared, you could recover your funds offline with the open-source vaultctl tool and your recovery sheet.

What is the alarm key and how does it stop a theft?

Every withdrawal from a Kaspa Safe vault starts a delay window (you choose it — hours to days). During that window, anyone holding the alarm key can cancel the withdrawal and snap the funds back into the vault. So even if a thief steals your hot key, they can't move your coins instantly — you get a Telegram alert and time to cancel with your separately-stored alarm key.

What are covenants and why do they matter on Kaspa?

A covenant is a rule that constrains how a coin can be spent in the future — not just who can spend it. Kaspa's Toccata upgrade added covenants to its UTXO model, so the base layer itself can enforce a delay, a cancel path, and an inheritance path. No bridge, no second-layer contract, no custodian — the guarantees come straight from Kaspa's proof-of-work consensus.

How does inheritance work?

Optionally, you name an heir and an inactivity period. If you stop checking in for that long, the heir can claim the funds. You choose at creation whether delivery is automatic (funds go to the heir with no action needed) or manual (the heir claims with their own key). Any check-in or spend resets the timer, so it only triggers if you truly go silent.

What does it cost?

On-chain vault operations — funding, withdrawing, cancelling, inheritance — are free beyond Kaspa's tiny network fee. Optional Telegram alerts are 25 KAS per year, with the first 30 days free. There is no custody fee because there is no custody.

Is it audited and safe to use with large amounts?

The covenant contract was adversarially audited by Claude Fable 5 and ships with an automated test suite that rejects every theft, timing, and impersonation path; it was then validated live on mainnet. That said, this is an open beta and an AI audit is not a substitute for a formal third-party human audit, which is still ahead. Keep amounts modest for now — we suggest no more than about 5,000 KAS.

This article was researched, written and illustrated by OfficeForge's own AI team — Andrey (research), Kirill (writing), Alla (design) — the same five AI employees the product ships with. Founder-directed, human-reviewed. The blog is our product, doing real work.
