{ "$schema": "https://modelcontextprotocol.io/schemas/server-card-v0.json", "serverInfo": { "name": "kye-protocol-reference", "version": "1.0.0", "vendor": "KYE Protocol", "title": "KYE Protocol Reference Gateway", "description": "Reference KYE Protocol Gateway exposing entity registration, delegations, capability grants, runtime authorize, audit chain, recovery flow, and webhook signing as MCP tools." }, "transport": { "type": "http", "endpoint": "https://kye-protocol.github.io/mcp", "_comment": "Live deployments substitute their own MCP transport URL. The reference deployment is illustrative." }, "capabilities": { "tools": { "listChanged": true }, "resources": { "subscribe": true, "listChanged": true }, "prompts": { "listChanged": false }, "logging": {} }, "tools": [ { "name": "kye.register_entity", "title": "Register entity", "description": "Register a new entity (human, business, ai_agent, service, model, tool, workflow). Returns the entity URN.", "inputSchema": { "type": "object", "required": ["entity_type"], "properties": { "entity_type": { "type": "string", "enum": ["human", "business", "ai_agent", "service", "model", "tool", "workflow"] }, "display_name": { "type": "string" } } } }, { "name": "kye.create_delegation", "title": "Create delegation", "description": "Create a delegation: actor may act for subject, granted by delegator, within scope, for allowed_actions.", "inputSchema": { "type": "object", "required": ["actor_entity_id", "subject_entity_id", "delegator_entity_id", "allowed_actions"], "properties": { "actor_entity_id": { "type": "string" }, "subject_entity_id": { "type": "string" }, "delegator_entity_id": { "type": "string" }, "allowed_actions": { "type": "array", "items": { "type": "string" } }, "scope_id": { "type": "string" } } } }, { "name": "kye.authorize", "title": "Runtime authorize", "description": "Ask the PDP whether actor may take action. Returns a signed PolicyDecision with reason codes and obligations.", "inputSchema": { "type": "object", "required": ["actor_entity_id", "action"], "properties": { "actor_entity_id": { "type": "string" }, "action": { "type": "string" }, "subject_entity_id": { "type": "string" }, "delegation_id": { "type": "string" }, "context": { "type": "object" } } } }, { "name": "kye.invoke_capability", "title": "Invoke capability", "description": "Invoke a registered capability (skill / tool / mcp_tool / function / connector / playbook / model_profile). Gated by capability grants and runtime PDP.", "inputSchema": { "type": "object", "required": ["capability_id", "actor_entity_id"], "properties": { "capability_id": { "type": "string" }, "actor_entity_id": { "type": "string" }, "input": { "type": "object" } } } }, { "name": "kye.point_in_time_audit", "title": "Point-in-time audit replay", "description": "Replay audit chain up to a sequence or timestamp; returns event_type counts and entity_last_event snapshot.", "inputSchema": { "type": "object", "properties": { "sequence": { "type": "integer" }, "before": { "type": "string", "format": "date-time" } } } }, { "name": "kye.request_recovery", "title": "Request recovery", "description": "Open a recovery request for a subject entity. The decision step requires explicit approval.", "inputSchema": { "type": "object", "required": ["subject_entity_id"], "properties": { "subject_entity_id": { "type": "string" }, "reason_code": { "type": "string" } } } }, { "name": "kye.report_compromise", "title": "Report compromise", "description": "File a compromise report. Downstream-derived authorities (delegations, payment authorities, access rights, capability grants, break-glass grants) become unusable; cascade algorithm is part of the patent track and is not disclosed in this repository.", "inputSchema": { "type": "object", "required": ["subject_entity_id"], "properties": { "subject_entity_id": { "type": "string" }, "severity": { "type": "string", "enum": ["low", "medium", "high", "critical"] } } } }, { "name": "kye.register_data_use_manifest", "title": "Register data_use_manifest (§31)", "description": "§31 KYE Data Governance Pack — register a kye.data_use_manifest.v1 declaring what data may an actor touch, for what purpose, under what restrictions. Signed Ed25519. Loaded by the data_use PDP stage at decision-time.", "inputSchema": { "type": "object", "required": ["manifest_id", "issuer", "subject", "purposes", "permitted_actions", "asset_selectors", "not_before", "issued_at", "signature"], "properties": { "manifest_id": { "type": "string" }, "issuer": { "type": "string" }, "subject": { "type": "string" }, "purposes": { "type": "array", "items": { "type": "string" }, "minItems": 1 }, "permitted_actions": { "type": "array", "items": { "type": "string" }, "minItems": 1 }, "asset_selectors": { "type": "array", "minItems": 1 }, "not_before": { "type": "string", "format": "date-time" }, "issued_at": { "type": "string", "format": "date-time" }, "signature": { "type": "object" } } } }, { "name": "kye.revoke_data_use_manifest", "title": "Revoke data_use_manifest (§31)", "description": "§31 — revoke a previously registered manifest by id. Subsequent decisions deny with reason manifest_revoked.", "inputSchema": { "type": "object", "required": ["manifest_id"], "properties": { "manifest_id": { "type": "string" } } } }, { "name": "kye.register_data_asset", "title": "Register data_asset (§31)", "description": "§31 — register a kye.data_asset.v1 record. Invariant: classification ∈ {personal_data, special_category_data} requires data_subject_ref_field so the DSAR agent can join evidence rows back to a subject.", "inputSchema": { "type": "object", "required": ["asset_id", "owner", "asset_kind", "location", "classification"], "properties": { "asset_id": { "type": "string" }, "owner": { "type": "string" }, "asset_kind": { "type": "string", "enum": ["db_table", "object_store_path", "api_endpoint", "ckan_dataset", "message_topic", "vector_collection", "file", "stream"] }, "location": { "type": "object" }, "classification": { "type": "string" }, "data_subject_ref_field": { "type": "string" } } } }, { "name": "kye.assemble_dsar_evidence_pack", "title": "Assemble DSAR Evidence Pack (§31)", "description": "§31 — invoke the kye-dsar-evidence-agent. Streams audit-chain rows matching subject_ref_hash through the dsar-handling rule pack (5 rules in order), assembles a deterministic kye.dsar_evidence_pack.v1, signs Ed25519, persists to R2 with Object Lock COMPLIANCE per §30. Returns delivered=true only when the signature attaches.", "inputSchema": { "type": "object", "required": ["request_id", "subject_ref_hash", "tenant", "window", "inclusion_policy"], "properties": { "request_id": { "type": "string" }, "subject_ref_hash": { "type": "string", "pattern": "^[a-f0-9]{64}$" }, "tenant": { "type": "string" }, "window": { "type": "object", "required": ["from", "to"], "properties": { "from": { "type": "string", "format": "date-time" }, "to": { "type": "string", "format": "date-time" } } }, "inclusion_policy": { "type": "object", "required": ["inclusion_min_confidence", "third_party_redaction"], "properties": { "inclusion_min_confidence": { "type": "number", "minimum": 0, "maximum": 1 }, "third_party_redaction": { "type": "string", "enum": ["full", "field_level", "none"] }, "exclude_classifications": { "type": "array", "items": { "type": "string" } } } } } } } ], "documentation": [ { "href": "https://kye-protocol.github.io/whitepaper.html", "title": "Whitepaper" }, { "href": "https://kye-protocol.github.io/.well-known/api-catalog", "title": "API catalog" } ] }