Changelog

Upgrade your build — here’s what’s new.

Breaking changes since v1.0.0: none. SemVer guarantees apply from v1.0.0 onwards (see policy). Every entry below carries an action label: action: required, action: optional, or no action.

Dated release notes for KYE Protocol. The contract is frozen at v1.0 (April 2026); patch releases (v1.0.x) ship behaviour-preserving fixes; v1.1 preview profiles are gated until the conformance suite for each one is signed off. For day-to-day commit history, see github.com/KYE-Protocol.

Unreleased · on the main branch

In flight.

  • Tier-1 readiness pass (action: optional — turn on the new env vars to harden your deployment):
    • CI supply-chain: dependency-review, gitleaks, signed-commit check, SBOM retention.
    • Governance templates: GDPR DPA, ROPA, DSR procedure, PCI scope, customer SLA, sub-processor inventory, BCDR tabletop.
    • Gateway hardening middleware: auth, rate-limit, body-size, structured logging, JSONL + Postgres audit-chain adapters, receiver-side webhook verifier, COSE_Sign1 binary signing, OPA policy-engine adapter, Authority Graph traversal engine, HSM/KMS key-custody interface.
    • SDK crypto + errors + retry across TS + Python + Go.
    • CLI keystore + sign + verify-webhook.
  • Sovereign AI build-out (action: optional — only if you adopt the v1.1 preview profile) — Sovereign AI Profile™ + 9 sub-profiles + 5 planned apps; sovereign-ai-authority.json schema + example + conformance fixture + SDK types.
  • Numeric ledger reconciled (no action) — site claims now match repo counts line-for-line: 58 v1.0 normative profiles, 126 conformance fixtures (41/41 pass), 158 JSON Schemas, 129 validated examples, 50 reference connectors (now served by GET /v1/connectors), 24 event families × 79 types, 266 control mappings across 13 frameworks.
  • Trademark family unified (no action) — open-source / spec surface continues as Reference Gateway / Runtime Gateway / KYE-Gateway v1 without the ™; protected marks documented in legal.html.

v1.0.0 · April 2026

First frozen public release.

The frozen v1.0 contract: 58 normative profiles, 193 OpenAPI operations, 158 JSON Schemas, three SDKs, 126 conformance fixtures (41/41 pass), 266 compliance control mappings. Apache License 2.0.

Highlights

  • Apache License 2.0 across the protocol-adoption layer (vocabulary, ID format, schemas, examples, SDKs, reference Gateway, conformance suite).
  • KYE Compliance Mapping Rail shipped with control bindings for SOC 2 TSC 2017, ISO/IEC 27001:2022, PCI DSS 4.0, PSD2 / PSD3, DORA, NIS2, EU AI Act, NIST SP 800-207, HIPAA.
  • Patent-safety scan wired into CI; 0 violations across all six public org repos.
  • KYE Self-Audit & Attestation Profile normative spec; 7 SQL tables; 9 schemas; 9 examples; 74 OpenAPI operations under /v1/conformance/*, /v1/certification/*, /v1/self-audit/*.
  • Webhook signing profiles: three profiles (shared-secret, asymmetric, and binary CBOR). Test vectors run on every CI build via scripts/verify-webhook-vectors.js; signing profile names + canonical encoding live in the normative spec.
  • Five interactive widgets shipped under widgets.html: Choose-Your-Role router, Agent-Purchase Simulator, Decision Map Viewer, Blast Radius Map, Evidence Pack Viewer. Pure JS, no signup, no install.

Breaking changes

None — v1.0.0 is the first public release. SemVer guarantees apply from this point forward (see SemVer policy below).

v1.1 preview · in flight

Five preview profiles, plus four capability-scoped Conformance badges.

The preview profiles are gated until each one ships its own conformance suite and at least one runtime fixture passes against the reference Gateway. Until then, they live on the main branch as preview normative drafts; implementations following them carry no official Conformance badge.

  • kye-conformance-certification-v1 — programme-level badge issuance + verification record schema. Powers the capability-scoped ladder.
  • kye-graph-v1 — Authority Graph normative model: graph_node + graph_edge + decision_map schemas + a graph-query endpoint surface.
  • kye-payload-trust-v1 — payload-artefact lifecycle + trust binding (verified / rejected / executed states + signed payload references).
  • kye-self-audit-attestation-v1 — self-attestation envelope (signed Ed25519 / JWS) covering the L2 ladder rung.
  • kye-taxonomy-metadata-v1 — cross-profile taxonomy + metadata-binding schema for sector-overlay mapping.

KYE MCP Server reference implementation is gated to v1.1 (see mcp.html for the design specification).

Versioning policy

SemVer + change classification.

  • Major (v2.0) — breaking change to a normative schema, OpenAPI operation, or decision code. 12 months minimum between majors; 6 months overlap window for migration.
  • Minor (v1.x) — additive normative change (new profile, new endpoint, new schema). Backward compatible; conformance pack pinned per minor.
  • Patch (v1.0.x) — behaviour-preserving fix or clarification. No schema or wire-format change; conformance pack version unchanged.
  • Preview — profiles or features published on main but explicitly tagged “preview” until their conformance suite is frozen. Preview features may change incompatibly until promoted.

Source-of-record: git history on the public org; this page is the curated, dated, human-readable view.
