KYA— Know Your Agent

Architecture

A principal–agent control plane.

Agents do not become legal persons. Their actions are bound to an owner, filtered through policy, gated by approval, and recorded for audit.

Control plane

Owner → Agent → KYA → Policy → Approval → Execution → Audit.

A single direction of flow. Authority is granted at the top; evidence accumulates at the bottom.

Each layer is a contract. An agent's proposal cannot reach the next layer unless the current one approves it. Failure at any layer is recorded as evidence and surfaced to operators.

  1. 01

    Owner / Principal

    owner

    The accountable party. Every agent action links back here.

  2. 02

    Agent

    agent

    Autonomous software operating under a defined mandate.

  3. 03

    KYA verification

    kya

    Profile, prompt hash, risk score, oversight — reviewed before activation.

  4. 04

    Policy engine

    policy

    Caps, velocity, allow-lists, category rules — evaluated on every proposal.

  5. 05

    Approval layer

    approval

    Owner confirmation for sensitive actions. Default to confirm.

  6. 06

    Execution

    execution

    Funds reserved, payment routed through rails, outcome captured.

  7. 07

    Audit trail

    audit

    Append-only ledger of proposal, approval, execution, refund.

Principal–agent

Agents are software under a mandate, not legal persons.

The owner remains the responsible party. The agent operates as software acting on the principal's behalf, within a defined digital mandate.

  • Owner is the principal — accountable for outcomes.
  • Agent operates under a recorded mandate — never open authority.
  • Every action is attributable to the owner via the agent.
  • Revocation withdraws authority instantly across all rails.
Principal
own_01HEZ7Q83T · accountable owner
grants → mandate
Agent
agt_01HEZ8K3W9XM2 · acts on behalf of principal
scope: procurementexpires 2026-12-31

Binding

What anchors an agent in place?

Two properties that prevent silent drift: a prompt fingerprint and an explicit oversight flag.

Prompt fingerprint

A SHA-256 of the agent's system prompt. The fingerprint is part of the KYA profile; if the prompt changes, the binding invalidates and the agent must be re-reviewed.

sha256:9a4f2c7e1d…b21c

Human oversight

A first-class boolean: true orfalse. When enabled, sensitive actions require an explicit owner confirmation before execution — there is no silent path around it.

human_oversight=true

Principles

Design choices, made explicit.

Six properties that hold across the system. Each one is a constraint, not a feature.

Principal–agent model

Authority flows from owner to agent under a defined mandate. The owner remains the principal at all times.

Prompt-hash binding

An agent's behaviour is anchored to a SHA-256 of its system prompt. Drift invalidates the binding.

Human oversight, explicit

Oversight is a profile attribute and a runtime gate — not a marketing claim.

Policy at proposal time

Policy is evaluated before approval, not after. Failed checks never reach the owner.

Rail-agnostic execution

Stripe today, more rails tomorrow. The control plane outlives any single integration.

Append-only evidence

Every state transition produces an immutable record suitable for review and reconciliation.

Early access

A control plane, not a black box.

See how KYA fits into the broader agentic-finance stack — start with the developer surface.

Read the developer guideTalk to the team