Build with KYE™

Build authority-aware apps with KYE™.

KYE Protocol™ is not just a specification — it's a build surface. Runtime Authority API, three SDKs, an MCP server, a connector framework, signed webhooks, Decision Maps™, and evidence packs. Add delegated authority, state-aware decisions, and replayable proof to AI agents, payment flows, checkout, wallets, IAM, SIEM, GRC, and enterprise workflows.

Open source

apps Six surfaces store What you can build api Runtime API code SDKs smart_toy MCP server extension Connectors check_circle What ships today

Six surfaces

Pick the surface that fits your stack.

apiRuntime Authority APIAsk whether an entity can act before the action executes. POST /v1/runtime/authorize — allow / require_approval / require_step_up / quarantine / deny + reason code + obligations + evidence refs.view decision endpoint → codeSDKsTypeScript, Python, Go. Schema types, validators, decision client, signing helpers, evidence-pack builder, taxonomy resolver, decision-map renderer, webhook verifier.view SDKs → smart_toyKYE MCP Server™Expose KYE™ schemas, decisions, Decision Maps™ and evidence packs to MCP-compatible agents and developer tools — while production enforcement stays in the runtime gateway.explore MCP server → extensionConnector Hub™Plug KYE™ into payment gateways, checkouts, wallets, IAM, policy engines, SIEM, GRC, agent runtimes, KYC/KYB/KYA. One canonical manifest schema; six families.view connector hub → sendKYE Signal Bus™24 event families, 79 well-known event types, canonical envelope, signed deliveries (HTTPS webhook + SSE / WS + Kafka), idempotent + replayable + dead-letter-safe.view event reference → verifiedEvidence PacksGenerate signed, replayable proof bundles. Public-key-verifiable offline. Bind decisions, audit chain, control mapping, and OSCAL projection in one artefact.inspect evidence pack →

What you can build

Six high-use starters — and 15 more.

These are the products with the strongest pull from regulated buyers right now. Each composes from the surfaces above.

P1KYE Checkout Guard™ — for merchants and commerce platforms. Detect agent-backed checkout flows and verify whether the agent is allowed to buy this basket from this merchant using this instrument under the customer's limits. Composes: Runtime API + KYE Signal Bus™ + Evidence Packs.
P2KYE Payment Authority Gateway™ — for banks, issuers, IPGs, MPGs, PSPs, agentic-payment platforms. Verify delegated payment authority before the gateway processes the transaction. Composes: Runtime API + Payments connector + Evidence Packs.
P3KYE MCP Server™ — for agent developers and internal AI platforms. Expose KYE™ authority objects, schemas, decisions, and evidence to MCP clients safely. Composes: MCP Server + Read-only tools + Gated decision tools.
P4KYE CISO Console™ — for security and risk teams. View every agent, credential, capability, delegation, state, and revocation path. Composes: Authority Graph™ + KYE Signal Bus™ + Audit chain.
P5KYE Evidence Viewer™ — for auditors and regulators. Replay decisions, verify evidence packs offline with public keys, map events to controls. Composes: Evidence Packs + OSCAL projection + Decision Maps™.
P6KYE Partner Toolkit™ — for consultants, audit firms, SIs. Run authority mapping, readiness checks, conformance prep, pilot scoping. Composes: Readiness API + Conformance pack + Decision Maps™.

Other strong starters: agent purchasing apps · agent marketplace trust layers · wallet authority consoles · open-banking delegated-authority apps · enterprise service-account authority maps · GRC evidence automation · SIEM authority-signal feeds · certification portals · tool-governance gateways · capability registries · sector profiles for healthcare / custody / telco / federal.

Runtime Authority API

One call, before the action executes.

The decision endpoint is the single most important surface. Your app asks; KYE™ answers in milliseconds.

POST /v1/runtime/authorize
{
  "actor_entity_id":     "kye:entity:agent:shopping_agent_456",
  "principal_entity_id": "kye:entity:person:customer_123",
  "subject":             "kye:capability:payment_action:card_purchase",
  "resource":            { "merchant_id": "M-7104", "amount": 9999, "currency": "GBP" },
  "scope":               { "instrument": "kye:card_token:tok_abc..." },
  "policy_decision_id":  "kye:dec:01HX..."
}

→
{
  "decision":  "allow_with_constraints",
  "reason":    "scope_within_attenuated_authority",
  "obligations": [ { "type": "audit.emit", ... }, { "type": "redaction.required", ... } ],
  "stop_conditions": [ "actor.stop_signal", "delegation.revoked", "scope.attenuated" ],
  "evidence_refs":   [ "kye:evidence-pack:01HX..." ],
  "decision_map_ref": "kye:decision_map:01HX..."
}

Eight decision codes are stable across versions: allow, allow_with_constraints, require_approval, require_step_up, require_human_review, require_recovery, quarantine, deny. Map to your own code-set via the conformance pack.

Three SDKs

Same surface in TypeScript, Python, and Go.

TypeScript — npm install @kye-protocol/sdk · github.com/KYE-Protocol/sdk-typescript
Python — pip install kye-sdk · github.com/KYE-Protocol/sdk-python
Go — go get github.com/KYE-Protocol/sdk-go · github.com/KYE-Protocol/sdk-go

Each SDK ships: schema types · local validators · decision client · signing helpers · evidence-pack builder · taxonomy resolver · metadata classifier · graph traversal client · decision-map renderer · webhook verifier · idempotency helper · replay client.

code Developer quickstart → open_in_new GitHub org

KYE MCP Server™

Make KYE™ available to MCP-compatible agents.

Expose KYE™ schemas, dictionaries, authority checks, Decision Maps™, and evidence packs through a controlled MCP interface — while production enforcement stays in the KYE Runtime Gateway™, never in MCP.

The boundary: MCP is a developer / agent integration surface. The Runtime Gateway is the enforcement surface. Don't conflate.

smart_toy KYE MCP Server™ reference → architecture Runtime Gateway

Connector Framework

Plug KYE™ into the systems you already run.

A canonical connector manifest schema, six connector families, and a hub for discovery.

paymentsPayments & commerceIPG · MPG · payment gateway · checkout · shopping cart · card-token · wallet · open banking · merchant-risk · chargeback / dispute

smart_toyAI & agent runtimeMCP · agent runtime · tool gateway · capability registry · model registry · prompt registry · workflow

keyIdentity & accessOAuth/OIDC · SAML · SCIM · SPIFFE/SPIRE · IAM · PAM · passkey · credential issuer

policyPolicy & governanceOPA · Cerbos · AWS Cedar · GRC · control mapping · certification · self-audit

manage_searchSecurity & observabilitySIEM · SOAR · Splunk · Microsoft Sentinel · Datadog · CloudWatch · Kafka · EventBridge · webhook

badgeVerificationKYC provider · KYB provider · KYA provider · agent passport · credential verification

extension Connector Hub™ → extension Composition with adjacent standards

What ships today

Open source

Every contract below is implementable today — partners and developers integrate without depending on any hosted service.

Surface	What you get
Schemas & dictionaries	Every entity / authority / decision / event / connector-manifest schema; reason codes; taxonomies
SDKs	TypeScript / Python / Go — schema types, validators, signing helpers, webhook verifier, evidence-pack builder
MCP server	Skeleton + read-only tools + decision tools (gated)
Connectors	Manifest schema, conformance tests, sample IPG / checkout / MCP connectors, local test harness
Reference runtime	KYE Reference Gateway™: PEP middleware, embedded ePDP, conformance runner
Conformance	41 black-box fixtures, test vectors

Adjacent reading

Where to go next.

code Developer quickstart → smart_toy MCP server extension Connectors send Signal Bus handshake Partner programme

Ready to see your AI agents flagged?

Start in shadow mode. We’ll deliver your first Evidence Pack™ in 4–8 weeks.

rocket_launch Apply for pilot → science Try the sandbox →