Protocol
What is KYA?
KYA is a governance protocol for autonomous agents. It defines identity, ownership, risk, mandates, and audit — the contract every agent must satisfy before acting.
Principles
Why KYA exists.
Five commitments that shape every part of the protocol.
- 01
Identity is the foundation
An agent without a stable identity is unreviewable, unauditable, and untrustable. KYA binds an agent to a vendor, a model, and a prompt fingerprint (a SHA-256 of its system prompt). The fingerprint pins the prompt text, not the whole behaviour: the same prompt on a different model version or with different tools hashes identically, which is why the vendor and model are bound alongside it, and any edit to the prompt changes the fingerprint and should be treated as a new agent version.
- 02
Authority is bounded
Agents do not hold open authority. They operate under a defined mandate — what they may do, on whose behalf, within what limits — recorded before any action takes place.
- 03
Risk is measured, not assumed
Every agent carries a risk score derived from its profile, data sources, and history. Risk is visible to operators and feeds into policy decisions automatically.
- 04
Oversight is non-optional
Sensitive actions require human confirmation. Oversight is a first-class property of the protocol, not an afterthought bolted onto execution.
- 05
Records outlast the agent
Proposals, approvals, executions, and outcomes are append-only. Even after an agent is revoked, its history remains available for review and audit.
Identity model
What does KYA know about an agent?
Six attributes that make an agent reviewable, attributable, and auditable.
- Stable identifier: persistent across re-deployments.
- Principal link: every action is attributable.
- Behavioural fingerprint: SHA-256 of the system prompt.
- Declared access: what the agent may read.
- Supervision flag: is a human reviewing actions?
- Authorised ceiling: hard limit per window.
Risk model
Three bands, one decision rule per band.
A risk score is computed for every agent. It is used to route proposals automatically and to surface risk to operators.
- Routine actions allowed under standard policy.
- Approval required above per-action thresholds.
- All actions require explicit owner confirmation.
Lifecycle
Agent states are first-class.
Every transition is recorded; nothing is implicit. Operators see history; owners see authority.
- 01 Draft: agent is created locally; KYA profile not yet submitted.
- 02 Pending review: submission accepted; compliance review in progress.
- 03 Approved: KYA decision recorded. Agent may begin authorised actions.
- 04 Active: operating under policy limits; every action is audit-logged.
- 05 Frozen / Revoked: authority withdrawn. Pending actions are blocked.
Mandates
Authority is granted in writing.
A mandate is a structured grant of authority: scope, caps, categories, expiry. It is the agent's contract with the principal.
- Spend caps — daily and per-action.
- Categories — allow-list of permitted purposes.
- Merchants — optional restriction on counterparties.
- Expiry — automatic revocation after a set period.
- Approval default — always-confirm, no exceptions in MVP.
Example mandate:
- agent: agt_01HEZ8K3W9XM2
- principal: own_01HEZ7Q83T
- scope: procurement
- spend_cap: 5,000 USD / day
- categories: compute, saas
- expires: 2026-12-31
- approval: always_confirm
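The following is an added example, written for this page and not the KYA protocol's own implementation or API. It checks a purchase proposal against a mandate with the terms listed above (daily and per-action caps, category allow-list, optional merchant restriction, expiry, approval default), routes the result by the three risk bands from the Risk model section, and appends the outcome to an append-only log in the shape of the event shown below. Field names follow the page's mandate and event examples; the band cut-offs, minor-unit amounts, the per-action figures, the event id scheme, the "per_policy" approval value and the non-approved event types are assumptions made for the example, and all sample data is constructed.

```python
"""Evaluate a proposal against a KYA-style mandate, route it by risk band, and
record the outcome as an append-only event. Illustrative code for this page;
not KYA's own implementation. Cut-offs, figures and id scheme are assumptions.
"""
from __future__ import annotations

import copy
from dataclasses import dataclass
from datetime import date, datetime, timezone

# Assumed band cut-offs; the page defines three bands but not their score ranges.
MEDIUM_FROM, HIGH_FROM = 34, 67
# Assumed per-action threshold (minor units) above which the medium band needs approval.
CONFIRM_ABOVE = 10_000


@dataclass(frozen=True)
class Mandate:
    agent: str
    principal: str
    scope: str
    daily_cap: int                     # minor units: 5,000 USD/day -> 500_000
    per_action_cap: int                # assumed figure; the page names the cap without a value
    categories: frozenset[str]         # allow-list of permitted purposes
    merchants: frozenset[str] | None   # None = no counterparty restriction
    expires: date
    approval: str                      # "always_confirm" in the MVP


@dataclass(frozen=True)
class Proposal:
    agent: str
    amount: int                        # minor units, as in the event example (24900 = 249.00 USD)
    currency: str
    merchant: str
    category: str
    purpose: str
    ts: datetime


def band(risk_score: int) -> str:
    if risk_score >= HIGH_FROM:
        return "high"
    return "medium" if risk_score >= MEDIUM_FROM else "low"


def evaluate(m: Mandate, p: Proposal, spent_today: int, risk_score: int):
    """Return (decision, matched, violations); decision is allow, confirm or reject."""
    matched: list[str] = []
    violations: list[str] = []

    def check(ok: bool, name: str) -> None:
        (matched if ok else violations).append(name)

    check(p.agent == m.agent, "agent")                          # mandate is bound to one agent
    check(spent_today + p.amount <= m.daily_cap, "spend_cap.daily")
    check(p.amount <= m.per_action_cap, "spend_cap.per_action")
    check(p.category in m.categories, f"category.{p.category}")
    if m.merchants is not None:
        check(p.merchant in m.merchants, "merchant")
    check(p.ts.date() <= m.expires, "expiry")                   # an expired mandate grants nothing
    if violations:
        return "reject", matched, violations

    # One decision rule per band; the mandate's approval default can only tighten it.
    b = band(risk_score)
    if b == "high":
        decision = "confirm"
    elif b == "medium":
        decision = "confirm" if p.amount > CONFIRM_ABOVE else "allow"
    else:
        decision = "allow"
    if m.approval == "always_confirm":
        decision = "confirm"
    return decision, matched, violations


class EventLog:
    """Append-only record: events are added and read, never edited or removed."""

    def __init__(self) -> None:
        self._events: list[dict] = []

    def append(self, event: dict) -> dict:
        event = dict(event, event_id=f"evt_{len(self._events) + 1:06d}")  # assumed id scheme
        self._events.append(copy.deepcopy(event))   # the log keeps its own copy
        return event

    def all(self) -> list[dict]:
        return copy.deepcopy(self._events)           # callers get a copy, not the log itself


EVENT_TYPES = {"allow": "proposal.approved",                 # type shown on the page
               "confirm": "proposal.awaiting_confirmation",  # assumed
               "reject": "proposal.rejected"}                # assumed


def propose(log: EventLog, m: Mandate, p: Proposal, spent_today: int, risk_score: int) -> dict:
    decision, matched, violations = evaluate(m, p, spent_today, risk_score)
    return log.append({
        "type": EVENT_TYPES[decision],
        "agent_id": m.agent,
        "owner_id": m.principal,
        "payload": {"amount": p.amount, "currency": p.currency,
                    "merchant": p.merchant, "purpose": p.purpose},
        "policy": {"matched": matched, "violated": violations, "risk_score": risk_score},
        "ts": p.ts.strftime("%Y-%m-%dT%H:%M:%SZ"),
    })


# Constructed samples mirroring the mandate and event examples on the page.
MANDATE = Mandate("agt_01HEZ8K3W9XM2", "own_01HEZ7Q83T", "procurement", 500_000, 100_000,
                  frozenset({"compute", "saas"}), None, date(2026, 12, 31), "always_confirm")
PER_POLICY = Mandate("agt_01HEZ8K3W9XM2", "own_01HEZ7Q83T", "procurement", 500_000, 100_000,
                     frozenset({"compute", "saas"}), None, date(2026, 12, 31), "per_policy")
PROPOSAL = Proposal("agt_01HEZ8K3W9XM2", 24_900, "USD", "API Provider", "compute",
                    "Inference credits", datetime(2026, 5, 22, 9, 14, 8, tzinfo=timezone.utc))
TRAVEL = Proposal("agt_01HEZ8K3W9XM2", 24_900, "USD", "Airline", "travel",
                  "Flight", datetime(2026, 5, 22, 9, 14, 8, tzinfo=timezone.utc))

if __name__ == "__main__":
    log = EventLog()
    for p, spent in ((PROPOSAL, 0), (TRAVEL, 0), (PROPOSAL, 490_000)):
        ev = propose(log, MANDATE, p, spent, risk_score=24)
        print(ev["event_id"], ev["type"], ev["policy"])
```

Two design points worth noting. Every mandate term is checked even after the first failure, so the rejection event lists all violated terms rather than the first one found, which is what a reviewer wants to see in the audit trail. And the approval default is applied last and can only move a decision from allow to confirm, never the other way, so a mandate cannot loosen what the risk band already requires.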
Events
Every state change is an event.
Events are append-only. They are the substrate for audit, reconciliation, and webhook delivery.
{
"event_id": "evt_01HEZ8K3W9XM2",
"type": "proposal.approved",
"agent_id": "agt_01HEZ8K3W9XM2",
"owner_id": "own_01HEZ7Q…",
"payload": {
"amount": 24900,
"currency": "USD",
"merchant": "API Provider",
"purpose": "Inference credits"
},
"policy": {
"matched": ["spend_cap.daily", "category.compute"],
"risk_score": 24
},
"ts": "2026-05-22T09:14:08Z"
}

Early access
Build on a protocol, not a hack.
If you're shipping agents, KYA gives you the trust layer you'd otherwise have to invent.