1990 · legacy
KYC
Know Your Customer
- Verifies a human
- Required by AML / banking regs
- Point-in-time only (registration)
- Has nothing to say about agents acting for the human
- No machine-readable contract
v1.0 · open standard · banking-grade
The trust layer for the agentic economy.
Every action your agents take should be identified, authorised, audited and revocable — in one open contract. KYE Protocol™ unifies KYC, KYB and KYA into a single cryptographic record of who acted, on whose behalf, with what authority, under what scope, with what evidence.
0
OpenAPI endpoints
0
Conformance fixtures
0
Tests passing
%0
Audit chain integrity
Quickstart · ship in 5 minutes
Three SDKs. One authorize call.
Pick a language. Drop in the SDK. Ask the gateway whether the action is allowed. Every response is a verifiable decision your auditors can replay.
// npm i @kye/sdk import { KyeClient } from "@kye/sdk"; const kye = new KyeClient({ baseUrl: "https://gw.example/v1" }); const decision = await kye.authorize({ actor: { entity_id: "kye:ent:acme:ai_agent:01J..." }, acting_on_behalf_of: { delegation_id: "kye:del:acme:01J..." }, action: "document.render", }); if (decision.decision !== "allow_with_constraints") throw new Error(decision.reasons.join(",")); // → { decision: "allow_with_constraints", obligations: ["audit.emit"], // stop_conditions: ["actor.stop_signal","delegation.revoked",...] }
# pip install kye-sdk from kye_sdk import KyeClient kye = KyeClient(base_url="https://gw.example/v1") decision = kye.authorize({ "actor": {"entity_id": "kye:ent:acme:ai_agent:01J..."}, "acting_on_behalf_of": {"delegation_id": "kye:del:acme:01J..."}, "action": "document.render", }) assert decision["decision"] == "allow_with_constraints", decision["reasons"]
// go get github.com/kye-protocol/sdk-go package main import ( "context" "github.com/kye-protocol/sdk-go/pkg/kye" ) func main() { c := kye.NewClient("https://gw.example") d, err := c.Authorize(context.Background(), kye.AuthorizeRequest{ Action: "document.render", Actor: kye.Actor{EntityID: "kye:ent:acme:ai_agent:01J..."}, }) if err != nil { panic(err) } // d.Decision == "allow_with_constraints" _ = d }
# Plain HTTP — no SDK required curl -X POST https://gw.example/v1/runtime/authorize \ -H 'content-type: application/json' \ -H 'idempotency-key: 8c4a-...' \ -d '{ "actor": { "entity_id": "kye:ent:acme:ai_agent:01J..." }, "acting_on_behalf_of": { "delegation_id": "kye:del:acme:01J..." }, "action": "document.render" }' # → { "decision":"allow_with_constraints", "reasons":["delegation_active","scope_match"], ... }
Why it matters
Stop guessing what your agents did. Prove it.
Today, one AI agent calls five services with five identities and zero shared policy. Stop signals stay inside their silo. Audits become archaeology. With KYE Protocol™, the same agent gets one URN, one policy decision per action, one append-only record — and one signal that revokes the whole chain in milliseconds.
Without KYE™
Agents, models & tools acting in the dark
No shared ID, no shared policy, no audit. Stop signals don’t cross system boundaries. Forensics are forensic guesses.
With KYE™
Identity, decision, proof — on every call
Same scenario routed through the protocol: PDP authorizes, audit chain captures, signal bus cascades, proof bundle exports.
▶ Plays in lockstep with the “before” pane
Beyond KYC · KYB · KYA
The trust stack you have was built for a different era.
KYC verified your customers in 1990. KYB verified your business counterparties in 2010. KYA — Know Your Agent — just started shipping in 2026 (Visa Trusted Agent, Skyfire, Persona, Sumsub, Trulioo). Each new layer is bolted on. Each is siloed. Each is point-in-time. Each is vendor-locked. KYE Protocol™ is the open contract that finally unifies all four — and adds the things every previous layer missed: continuous verification, cascading revocation, and a chain of delegation that proves the human is still on the hook when the agent is the one acting.
2010 · legacy
KYB
Know Your Business
- Verifies a legal entity
- Maps UBOs and counterparties
- Static onboarding; no real-time signals
- Doesn’t speak to workflows the business runs
- Siloed from KYC; reconciliation is manual
2026 · emerging
KYA
Know Your Agent
- Cryptographic agent identity (AID)
- Per-agent spend caps (TXG)
- Vendor passports (Visa, Skyfire, Persona)
- Vendor-specific — Visa, Skyfire, Persona, Sumsub each ship their own
- Agent-only; doesn’t cover services, models, tools, workflows
- No unified URN across entity classes
- No cascade: revoking the agent leaves orphan grants
★ open standard
KYE™
Know Your Entity™
- Every entity — human, business, agent, service, model, tool, workflow — one URN format
- Delegation chain binding agent → business → human, with attenuable scope
- Continuous via signal bus; revocation cascades in milliseconds
- Open + interoperable: composes with KYC/KYB/KYA vendors, not a replacement
- Append-only audit chain + Ed25519 proof bundles for regulators
The pattern. KYC asks who is this person? KYB asks what is this company? KYA asks which agent is this?
Real agentic transactions need all three answered at once — plus “under whose authority,” “within what scope,” “with what evidence,” “and is the answer still true 200ms later when the next call arrives?”
That’s what KYE Protocol™ standardises — once, openly, for every system in the stack.
KYA references · Visa Trusted Agent Protocol · Persona — KYA glossary · Sumsub Agent Verification · Skyfire · Trulioo / PayOS Digital Agent Passport · Billions Network
Interactive trust graph
See exactly who can act for whom — live.
Every entity, every delegation, every scope, every resource grant in one queryable graph. Click a node for its full record. Drag, zoom, toggle layers. Revoke a delegation: watch the edge break and the dependent agent turn red. This is what your auditors get.
Cascade visualizer
Compromise an agent? Stop it once. Stop it everywhere.
A single signal on the KYE™ bus propagates through every dependent delegation, payment authority and resource grant within milliseconds. Recursive through parent_delegation_id. No orphaned authority. No stale grant. No "we missed one".
Live signal feed
Live decision dashboard
What is your fleet doing right now?
Allow rate, deny rate, approval queue depth — in one view. The reference Gateway streams decisions to the bus; any dashboard, SIEM or Slack channel can subscribe. Counters below run a synthetic workload to show the shape.
Decisions per minute
Synthetic workload
Total decisions
0
+0
Allow + AllowWithConstraints
0
+0
Require approval
0
+0
Deny
0
+0
Distribution
Outcome share
0%
Allow rate
Decision walkthrough
Every action, a recorded decision — not a guess.
Pick a scenario and watch the request travel through PEP, ePDP, central PDP, audit chain and signal bus. Allowed actions go green. High-risk actions get held for human approval (amber). Forbidden actions go red — with the exact reason code your compliance team needs.
Resulting decision
—
Who it's for
Built for teams where a wrong agent decision is a regulator visit.
If your agents touch money, identity, health data or anything regulators care about, you can’t hand them an OAuth token and hope.
Banks & payment platforms
PSD3, FFIEC, RBI, MAS — every regulator now asks “was the agent authorised, by whom, within what limit?”
KYE Protocol™ gives you a payment authority chain, scope-bound caps, sPDP gating, signed proof bundles for every auth. Use the Payments profile.
AI labs & agent platforms
Your agent does something destructive. The user asks you to prove it wasn’t supposed to.
KYE Protocol™ gives every action a policy_decision_id, a delegation chain back to a human, and a stop signal that revokes the agent everywhere at once.
Healthcare systems
An AI triages a patient’s record. HIPAA wants the consent chain. The hospital wants the redaction trace.
KYE Protocol™ binds the agent to the consent credential, attaches redaction.required and external.send.block obligations, and records the lot in the audit chain.
Custodians & treasury
An autonomous treasury bot rebalances. Auditors need to see authority, scope, attestation, decision — not just “the bot did it.”
Combine the Custody and Attestation profiles. Workload attestation binds the runtime; payment authority binds the wallet; audit chain binds the timeline.
Regulators & auditors
You are asked to certify something built on six different vendors’ agent stacks.
Every conformant gateway exports the same proof bundle format. Verify Ed25519 signatures with public keys; replay the audit chain; re-derive the decision. One contract, every vendor.
Platform teams
Identity, authz, audit, signals, webhooks — six teams, six tools.
One PEP middleware. One ePDP cache. One signal bus. Wire your existing OAuth, SPIFFE, MCP and KYA vendors into the contract instead of replacing them.
Design-partner logos coming soon.
Banking, payments, AI lab, healthcare and custody integrators are integrating against the v1.0 contract. Want to be on this strip? Drop a note in Show & Tell.
Where it sits in your stack
MCP and OAuth solve parts. KYE™ solves the whole identity-authority-audit problem.
MCP and A2A handle agent communication. OAuth and GNAP do human authorization. SPIFFE does workload identity. SCITT does transparency. KYE Protocol™ is the contract layer that composes them — one URN, one delegation chain, one decision vocabulary, one cascade, one audit chain.
↔ scroll horizontally to see all columns
Universal identity
One URN. Every record. Every system.
No more reconciling 14 ID systems across 14 vendors. Every entity, delegation, signal, decision, credential and proof bundle uses the same kye:<class>:<trust-domain>:<subclass>:<local> shape. Type below or click a sample to see the parser break it down.
Profiles for every sector
Banking, healthcare, custody — no rewrites required.
Core handles 90% of the contract. The other 10% — payment caps, healthcare consent, custody attestation — is in profiles. Adopt only what you need. Each profile adds vocabulary and conformance fixtures; the Core surface never shifts under your feet.
Lifecycle simulator
Every entity has 15 well-defined states — and only legal transitions.
Click through them. Try an illegal move (the protocol blocks it). Stop, quarantine or revoke an entity and watch the cascade roll down to its delegations, payment authorities and resource grants.
Current state
—
status: —
Cascaded effects
Signal log
Shared vocabulary
Two systems mean the same thing when they say
Two systems mean the same thing when they say allow_with_constraints.
70+ public terms covering entity types, actions, lifecycle states, decisions, signals, obligations, stop conditions and reason codes. Browse by category, search by name. Every term is in KYE-Protocol/vocabulary.
FAQ
Questions teams ask on the first call.
What problem does KYE Protocol™ actually solve?
Agentic systems are reaching production faster than identity, authorization and audit can keep up. Today an AI agent calls five services with five different identities; stop signals don’t cross system boundaries; auditors can’t reconstruct what happened. KYE Protocol™ gives every actor — human, service, agent, model, tool, workflow — a single URN, one delegation chain, one decision vocabulary, one cascade and one append-only audit chain. So “who acted, on whose behalf, with what authority, under what scope, with what evidence” has the same answer in every system.
How is this different from MCP, A2A, OAuth, SPIFFE or SCITT?
They solve slices. MCP and A2A are agent communication. OAuth and GNAP are human authorization. SPIFFE is workload identity. SCITT is transparency. None give you one URN format spanning humans + services + AI agents, a first-class delegation chain with attenuable scope, standard decision codes, cascading stop signals and a hash-linked audit chain in a single open contract. KYE Protocol™ is that contract layer; it composes with the others.
How is KYE™ different from KYA (Know Your Agent)?
KYA frameworks — Visa Trusted Agent, Skyfire, Persona, Sumsub, Trulioo’s Digital Agent Passport — verify an AI agent once, at onboarding, with a vendor-specific passport. KYA answers “is this agent real?” KYE Protocol™ answers the bigger question every minute the agent is alive: who is acting, on whose behalf, with what authority, under what scope, with what evidence? KYE Protocol™ is the open contract that unifies KYC, KYB and KYA — one URN spanning humans, businesses and agents; one delegation chain binding them; one cascading bus revoking the chain when something goes wrong. KYA vendors slot in as credential issuers inside KYE Protocol™; the protocol takes care of everything that happens after issuance.
Is it production-ready?
v1.0 ships an OpenAPI spec with 57 endpoints, JSON Schemas validated against 27 examples, a reference Gateway, an embedded PDP library, an Express PEP middleware, three SDKs (TypeScript, Python, Go) and 26 conformance fixtures. Sectoral profiles cover Federation, Credentials, Attestation, Signals, Transparency and Payments. Apache 2.0.
What does “cascade revoke” actually do?
One signal on the bus — entity.stop, delegation.revoked, credential.revoked — propagates through the trust graph in milliseconds. Dependent delegations are suspended. Payment authorities are revoked. Resource grants are withdrawn. Recursive through parent_delegation_id. No orphaned authority. No stale grant. The lifecycle simulator and cascade visualizer above are live demos of the same logic the reference Gateway runs.
Who is using this today?
The reference implementation, conformance suite and SDKs are public on github.com/KYE-Protocol. Public adopters are listed on the org profile as they go live. Banking, payment, custody and AI lab integrators are encouraged to share their integrations in Show & Tell.
Is the protocol patented?
The vocabulary, URN format, schemas and OpenAPI surface are openly published under Apache 2.0 and are intended to remain royalty-free for conformant implementations. Specific mechanism designs (decision algorithms, hash-chain construction, cascade ordering, attenuation propagation) sit in a separate patent track and are not disclosed in the public repositories.
How do I get involved?
Open a discussion in KYE-Protocol/Discussions — ask a question, propose a profile RFC, share an integration. File issues against the relevant code repo. Watch the org for new profile drops.
Open repositories
Read the source. File the issue. Ship the integration.
Apache 2.0. Drop in, fork, extend. The mechanism designs (decision algorithms, hash-chain construction) are in a private patent track; the vocabulary, ID format, schemas, examples and reference Gateway behaviours are open and stable.
vocabulary
Entity types, actions, lifecycle states, decisions, signal types.
id-format
Canonical KYE™ URN scheme + parsing rules.
examples
Validated JSON examples for every public schema.
discussions community
Q&A, RFCs, profile proposals, integration help. Public.
org profile
Public-facing org profile, mission, governance.