Does anyone have recommendations for how to protect a Kotlin desktop application from being reverse engineered? Proguard is an obvious step. What else?

Proguard and such help a bit but won't prevent your app from being reverse engineered. It just makes it slightly harder. Compiling to native code goes a step further in complexity but it's also not perfect. I would personally not bother :)

there are paid obfuscator such as zkm which is good, for me I use my own