KYE Protocol™ · architecture

KYE Rules Gateway™ — runtime enforcement boundary

Every AI action goes through the gateway. The gateway checks rules. You get one of six verdicts — with proof.

rocket_launch Apply for pilot → menu_book Read the docs
Plain take

Plain take

Every call. One check. One verdict. With proof.

  • Allow. Deny. Approve. Warn. Quarantine. Limit.
  • Each verdict cites a rule.
  • Each rule cites a control.
  • Each call gets an evidence pack.

Architecture

What it is. Why it matters. What to do next.

The Rules Gateway™ is the canonical enforcement boundary for delegated AI. The pre-existing KYE Runtime Gateway™ (the seven-question contract from) is a specialisation of the Rules Gateway™ for AI-inference calls — same enforcement boundary, AI-specific rule pack loaded.

AI agent / app / workflow / MCP tool
                ↓
        KYE Rules Gateway™
                ↓
   loads applicable manifests
   loads applicable dictionaries
   loads applicable rule pack(s)
   calls Authority / Purpose / State / Decision engines
                ↓
   allow | deny | review | evidence_required | quarantine
                ↓
   emits Evidence Pack + Replay Proof
                ↓
   packages into Authority Proof Bundle (Phase 6)

Canonical verdict precedence (locked)

Effects from matching rules reduce by canonical precedence. deny wins absolutely regardless of priority — the safety floor.

  1. deny — safety floor
  2. require_human_approval
  3. require_revalidation
  4. quarantine
  5. rate_limit
  6. require_evidence_pack
  7. advisory_warn
  8. audit_route_* (side effects, no verdict change)
  9. allow

11 condition operators

Rules express condition trees using all_of / any_of / not combinators and these leaf comparators: eq · ne · gt · gte · lt · lte · in · not_in · matches · exists · older_than. Field paths use JSONPath-style accessors into the action context.

Runtime

Library: @kye/rules-gateway — pure deterministic evaluator + loader; 12 passing unit tests against the real Financial Services rule pack. Worker wrapper ships at internal.

Companion surfaces

What it is. Why it matters. What to do next.

Inside KYE Protocol™ the layers are these: profiles define is; rule packs define does; dictionaries define means; manifests define installable / verifiable / sellable; engines execute; the Rules Gateway™ enforces.