Kaspa Forge OfficeForge
Documentation

How Kaspa Forge works

Kaspa Forge is three non-custodial services on the Kaspa L1 blockchain — a vault, an escrow and a marketplace — driven by one encrypted profile that never leaves your browser. These pages explain, in plain language, how each service works and exactly what keeps your funds safe.

The one idea everything is built on: covenants

A covenant is an on-chain script that fixes in advance where coins are allowed to go. Kaspa's Toccata upgrade (live on mainnet since June 30, 2026) made such scripts possible on the Kaspa L1 — no tokens, no bridges, plain KAS locked by rules.

Every Kaspa Forge service is a covenant with a short, fixed list of exits. A vault coin can go back to the vault, to the address a withdrawal was started to, or to the heir — nowhere else. An escrow coin can go to the buyer, the seller, or the visible service fee — nowhere else. If a transaction tries any other destination, the Kaspa network simply rejects it: there is no such path in the script. That is why we don't need your trust — and can't abuse it.

The four pieces

Desk & keysYour control room and key store: a password-locked, age-encrypted profile in your browser. One exported key file is a lifetime backup for every vault, deal and listing. How the Desk works ▸
Kaspa SafeA personal KAS vault where every withdrawal waits out a delay you set, a separate alarm key can cancel a theft in progress, and an optional dead-man switch passes the vault to an heir. How Safe works ▸
Kaspa EscrowP2P deals where the money sits in an on-chain covenant, the deal chat is end-to-end encrypted on-chain messaging, and even the dispute arbiter can only route funds to the buyer or the seller. How Escrow works ▸
MarketplaceListings priced in KAS where the Buy button doesn't pay the seller — it opens an escrow deal with the listing's terms. How the Market works ▸

The security model in five claims

Each claim is explained in depth on the service pages; this is the map.

  1. Keys are generated in your browser and never leave it. The server receives public keys, public parameters and signed transactions — never a private key, never your password. We physically cannot move your funds; nobody at OfficeForge can.
  2. The rules live on-chain, not on our servers. Vault delays, escrow outcomes and timeouts are enforced by the Kaspa network itself. If our website disappeared tomorrow, your vault still works (open-source vaultctl against any Kaspa v2+ node) and every escrow resolves itself by timeout. Losing us costs you a website, not your money.
  3. Every privileged party is boxed in by the covenant. Our watcher can broadcast keyless transactions — but those paths hard-wire the destination (a matured withdrawal only to its fixed address, an inheritance only to the heir). The escrow arbiter signs verdicts — but no path in the script pays the arbiter or any third party.
  4. The server sees public data and ciphertext only. Vault registrations are public parameters; deal chats are end-to-end encrypted (the relay stores what it cannot read); a chat key is revealed only if you open a dispute — and that key can't move money.
  5. The claims are verifiable. The covenant contracts (vault.sil, escrow.sil), the recovery CLI, the offline key-file decryptor, the web front-end and the Android app are open source: github.com/pcdoctormsk-ctrl/kaspa-safe. Don't trust this page — check it.
The honest boundary. Kaspa Forge is an open beta: the contracts passed our full on-chain test cycle and adversarial attacks, but an external audit is still ahead. Keep vaults under ~5 000 KAS and deals within 50–10 000 KAS — don't trust a beta with more than you'd forgive it. And one boundary no contract can cross: a covenant guarantees funds can't be stolen; whether a disputed deal's verdict is fair is the work of a human arbiter reading your evidence.

What we will never ask for

Not your Desk password, not a private key, not a seed phrase, not your master key file — not in chat, not by email, not "for verification". Anyone who asks is a scammer. Keys are entered only on kaspaforge.org (check the address bar) or in the offline open-source tools.

Guides & policies

RecoveryRecover a Safe (theft response, heirs, offline vaultctl) · recover an escrow deal — both work even without this website.
PrivacyKaspa Safe privacy · Escrow & Marketplace privacy — exactly what the server stores, and how to have it deleted.
Source codegithub.com/pcdoctormsk-ctrl/kaspa-safe — contracts, recovery tools, web, Android.
Contactkaspa@officeforge.co — bugs, questions, anything the chat widget couldn't answer.