KognitaKognita.
← Back to Overview

A fully managed, secure agent runtime

Every Kognita project gets its own agent runtime — a dedicated, isolated environment that runs Claude Code against your code and connected tools. Kognita hosts it, provisions it, and keeps it up to date. There is nothing to install, host, or maintain.

What the runtime is

When a project has an Anthropic API key and at least one repository, Kognita provisions a runtime for it automatically. That runtime is a self-contained environment where the Claude Code agent runs: it has your repositories on disk, your connected tools wired in, and your project's configuration applied. Your team talks to it through the Kognita dashboard — no local agent, no terminal, no setup on anyone's machine.

Fully managed — what Kognita handles for you

“Managed” means the operational work is done for you. Kognita:

  • Provisions the runtime the moment your project has a key and a repository — no manual deploy step.
  • Clones every repository in the project and keeps them synced as they change, so the agent always works against current code.
  • Wires in your tools — semantic code search, Jira, and database connections — as soon as you configure them, with no restart on your part.
  • Picks up configuration changes continuously, so editing a setting or adding a database connection takes effect within about a minute.
  • Runs version upgrades and infrastructure maintenance for you — the runtime stays current without your involvement.

Isolated per project

Each project runs in its own runtime. Repositories, configuration, credentials, connected tools, and chat history all belong to that one project — nothing is shared with other projects, and nothing is shared across organisations. A credential added to one project cannot be read or used by another.

How credentials stay secure

The runtime is built so that secrets are exposed to as little of the system as possible:

  • Your Anthropic API key is encrypted at rest and used only to run your project’s runtime. It is never shown again after you save it.
  • Database credentials are encrypted at rest and are never placed on the agent itself. They are decrypted only inside a separate, isolated database service at the moment a query runs.
  • Integration tokens — such as Jira credentials — are scoped to the single project they were added to.
  • Each connected tool authenticates with its own token, so access to one tool never implies access to another.

Read more

See Keeping your environment safe for how your Anthropic key is protected and how to set spend limits, and Database MCP for how to connect databases to the agent.

Every database query is logged

When the agent queries a connected database, every call is recorded — which connection it used, the statement it ran, whether it succeeded, and how long it took. Database access through the agent is read-only and row-limited by design. The result is a full audit trail you can review, so you always have visibility into what the agent has done with your data.

Built for the whole team

Because the runtime is hosted and managed, using it does not require a developer setup. Anyone on the team — product, support, operations — can open the project in the browser and ask questions about the codebase and connected data. There are no per-person installs and no local environments to keep in sync.

← OnboardingSemantic layer →