Build with the contract.
Schema-first. Three SDKs. Reference Gateway. 37/37 conformance fixtures. Every entity, authority, decision, audit event, evidence pack, payload, taxonomy term, metadata binding, graph node — canonical JSON Schema you can implement against.
A protocol you can implement — not just read.
KYE Protocol™ is schema-first. Every entity, authority grant, delegation, scope, capability manifest, validation result, audit event, evidence pack, payload artefact, taxonomy term, metadata binding, and compliance mapping is a canonical JSON Schema 2020-12. OpenAPI, three SDKs, validators, conformance fixtures — all derived.
Three SDKs. One reference Gateway. 37/37 conformance.
- TypeScript SDK — private/sdks/typescript — schema types, local validators, decision client, signing helpers, evidence-pack builder, taxonomy resolver, metadata classifier, graph traversal client, decision-map renderer.
- Python SDK — private/sdks/python — same surface, dataclass-based.
- Go SDK — private/sdks/go — same surface, struct-tag JSON.
- Reference Gateway — Node.js, Express PEP middleware, embedded PDP library (ePDP), conformance runner.
- OpenAPI — Core (kye-core-v1.yaml) + Payments (kye-payments-v1.yaml) + Extensions (kye-extensions-v1.yaml) covering taxonomy / metadata / graph / decision-map / payload-trust / PAP endpoints.
- Policy engines — OPA/Rego, Cerbos, Cedar bundles for Core authz + Payments sPDP + healthcare + financial-services + capability + custody.
16 protocol-core principles in three tiers.
- Tier A · Runtime governance: authority · state · decision · policy-bound · evidence · audit-trail.
- Tier B · Protocol design: schema · dictionary · taxonomy · metadata · graph · profile · registry · conformance.
- Tier C · Developer adoption: API · SDK.

Commercial layer (KYE Cloud™) is SKU-first, metering-first, dashboard-first — never bleeds into the open core.
Get started.
Schemas, OpenAPI, fixtures, SDKs — all in the public org.
Three SDKs. One authorize call.
Pick a language. Drop in the SDK. Ask the gateway whether the action is allowed. Every response is a verifiable decision your auditors can replay.
```typescript
// npm i @kye/sdk
import { KyeClient } from "@kye/sdk";

const kye = new KyeClient({ baseUrl: "https://gw.example/v1" });

const decision = await kye.authorize({
  actor: { entity_id: "kye:ent:acme:ai_agent:01J..." },
  acting_on_behalf_of: { delegation_id: "kye:del:acme:01J..." },
  action: "document.render",
});

if (decision.decision !== "allow_with_constraints")
  throw new Error(decision.reasons.join(","));
// → { decision: "allow_with_constraints", obligations: ["audit.emit"],
//     stop_conditions: ["actor.stop_signal","delegation.revoked",...] }
```
```python
# pip install kye-sdk
from kye_sdk import KyeClient

kye = KyeClient(base_url="https://gw.example/v1")

decision = kye.authorize({
    "actor": {"entity_id": "kye:ent:acme:ai_agent:01J..."},
    "acting_on_behalf_of": {"delegation_id": "kye:del:acme:01J..."},
    "action": "document.render",
})

# Raise explicitly: an `assert` is stripped when Python runs with -O,
# which would silently skip the authorization check.
if decision["decision"] != "allow_with_constraints":
    raise PermissionError(decision["reasons"])
```
```go
// go get github.com/kye-protocol/sdk-go
package main

import (
	"context"

	"github.com/kye-protocol/sdk-go/pkg/kye"
)

func main() {
	c := kye.NewClient("https://gw.example")
	d, err := c.Authorize(context.Background(), kye.AuthorizeRequest{
		Action: "document.render",
		Actor:  kye.Actor{EntityID: "kye:ent:acme:ai_agent:01J..."},
	})
	if err != nil {
		panic(err)
	}
	// d.Decision == "allow_with_constraints"
	_ = d
}
```
```bash
# Plain HTTP — no SDK required
curl -X POST https://gw.example/v1/runtime/authorize \
  -H 'content-type: application/json' \
  -H 'idempotency-key: 8c4a-...' \
  -d '{
    "actor": { "entity_id": "kye:ent:acme:ai_agent:01J..." },
    "acting_on_behalf_of": { "delegation_id": "kye:del:acme:01J..." },
    "action": "document.render"
  }'
# → { "decision":"allow_with_constraints", "reasons":["delegation_active","scope_match"], ... }
```
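One way a caller could act on the decision object shown above, failing closed on anything it cannot honour. This is an added example, not KYE SDK code: `enforce`, the handler map, the signal set and the deny-on-unknown rule are assumptions, and only the field names come from the sample response.

```javascript
// Added example, not KYE SDK code. Field names follow the page's sample response.
// Assumption: anything this enforcement point cannot honour results in a deny.
function enforce(decision, handlers, activeSignals) {
  if (!decision || typeof decision.decision !== "string") {
    return { permit: false, why: ["malformed_decision"] };
  }
  if (decision.decision !== "allow_with_constraints") {
    return { permit: false, why: decision.reasons ?? [decision.decision] };
  }
  const { obligations, stop_conditions: stops } = decision;
  if (!Array.isArray(obligations) || !Array.isArray(stops)) {
    return { permit: false, why: ["constraints_missing"] };
  }
  // An obligation with no registered handler cannot be fulfilled: deny.
  const unknown = obligations.filter((o) => !handlers.has(o));
  if (unknown.length > 0) {
    return { permit: false, why: unknown.map((o) => `unfulfillable_obligation:${o}`) };
  }
  // A stop condition that is already signalled blocks the action.
  const tripped = stops.filter((s) => activeSignals.has(s));
  if (tripped.length > 0) {
    return { permit: false, why: tripped.map((s) => `stop_condition:${s}`) };
  }
  // Discharge every obligation before the action is allowed to proceed.
  for (const o of obligations) handlers.get(o)(decision);
  return { permit: true, why: decision.reasons ?? [] };
}

// Constructed sample data (stop_conditions shortened to two entries).
const auditLog = [];
const handlers = new Map([
  ["audit.emit", (d) => auditLog.push({ action: "document.render", reasons: d.reasons })],
]);
const sample = {
  decision: "allow_with_constraints",
  reasons: ["delegation_active", "scope_match"],
  obligations: ["audit.emit"],
  stop_conditions: ["actor.stop_signal", "delegation.revoked"],
};

console.log(enforce(sample, handlers, new Set()));
console.log(enforce(sample, handlers, new Set(["delegation.revoked"])));
```

The handler map is a `Map` rather than a plain object so that an obligation named `constructor` or `__proto__` cannot match an inherited property and pass as fulfilled.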