Install in 60 seconds. Authorise in five.
Schema-first. Three SDKs. KYE Reference Gateway™. 126/126 conformance fixtures. Every entity, authority, decision, audit event, evidence pack, payload, taxonomy term, metadata binding, graph node — canonical JSON Schema you can implement against.
Pick a language. One command.
# TypeScript / Node npm install @kye-protocol/sdk # Python pip install kye-sdk # Go go get github.com/KYE-Protocol/sdk-go # Run the reference Gateway locally (docker) docker run --rm -p 4000:4000 ghcr.io/kye-protocol/gateway:v1.0
Try it without installing anything — in-browser sandbox sends real /v1/runtime/authorize calls to a hosted Gateway and shows the signed Decision Map™.
A protocol you can implement — not just read.
KYE Protocol™ is schema-first. Every entity, authority grant, delegation, scope, capability manifest, validation result, audit event, evidence pack, payload artefact, taxonomy term, metadata binding, and compliance mapping is a canonical JSON Schema 2020-12. OpenAPI, three SDKs, validators, conformance fixtures — all derived.
Three SDKs. One reference Gateway. 126/126 conformance.
- TypeScript SDK —
github.com/KYE-Protocol/sdk-typescript— schema types, local validators, decision client, signing helpers, evidence-pack builder, taxonomy resolver, metadata classifier, graph traversal client, decision-map renderer.npm install @kye-protocol/sdk. - Python SDK —
github.com/KYE-Protocol/sdk-python— same surface, dataclass-based.pip install kye-protocol. - Go SDK —
github.com/KYE-Protocol/sdk-go— core surface complete (entity, delegation, capability, runtime, audit, signals, evidence-pack); extension surface (graph, OSCAL, compliance-card, self-audit) rolling out across v1.0.x.go get github.com/KYE-Protocol/sdk-go. - KYE Reference Gateway™ — Node.js, Express PEP middleware, embedded PDP library (ePDP), conformance runner.
- OpenAPI — Core (
kye-core-v1.yaml) + Payments (kye-payments-v1.yaml) + Extensions (kye-extensions-v1.yaml) covering taxonomy / metadata / graph / decision-map / payload-trust / PAP endpoints. - Policy engines — OPA/Rego, Cerbos, Cedar bundles for Core authz + Payments sPDP + healthcare + financial-services + capability + custody.
16 protocol-core principles in three tiers.
Tier A · Runtime governance: authority · state · decision · policy-bound · evidence · audit-trail. Tier B · Protocol design: schema · dictionary · taxonomy · metadata · graph · profile · registry · conformance. Tier C · Developer adoption: API · SDK.
Subscribe to signed signals in 10 minutes.
KYE Protocol™ is event-driven. The KYE Signal Bus™ emits signed, replayable events for every authority, decision, recovery and evidence-pack lifecycle. Build a verifier:
- Install the SDK —
npm i @kye-protocol/sdk·pip install kye-sdk·go get github.com/KYE-Protocol/sdk-go - Stand up a
POSTreceiver that accepts the canonical JSON envelope (schema:https://kyeprotocol.com/schemas/signal.json). - On receive:
verifyWebhook(envelope, headers)against the publisher's published JWKS. Multiple signing-suite bindings are supported per the conformance pack. - Deduplicate by
event_idusing the SDK's idempotency helper or your store. Replays carry the same id. - Switch on
event_type—kye.authority.revoked,kye.decision.requires_approval,kye.capability.quarantined,kye.evidence_pack.generated, etc. (see 24 event families). - Ack with
2xxwithin the publisher's timeout. Anything else → retry with exponential backoff → eventual DLQ. - Subscribe via
POST /v1/webhook-endpointswith your URL + filter expression + retry policy. Test via:test.
Open contract: envelope schema, every event-family schema, verifier SDK, reference Gateway webhook handler + retry loop + DLQ + replay endpoint, conformance test vectors.
Get started.
Schemas, OpenAPI, fixtures, SDKs — all in the public org.
Three SDKs. One authorize call.
Pick a language. Drop in the SDK. Ask the gateway whether the action is allowed. Every response is a verifiable decision your auditors can replay.
// npm i @kye/sdk import { KyeClient } from "@kye/sdk"; const kye = new KyeClient({ baseUrl: "https://gw.example/v1" }); const decision = await kye.authorize({ actor: { entity_id: "kye:ent:acme:ai_agent:01J..." }, acting_on_behalf_of: { delegation_id: "kye:del:acme:01J..." }, action: "document.render", }); if (decision.decision !== "allow_with_constraints") throw new Error(decision.reasons.join(",")); // → { decision: "allow_with_constraints", obligations: ["audit.emit"], // stop_conditions: ["actor.stop_signal","delegation.revoked",...] }
# pip install kye-sdk from kye_sdk import KyeClient kye = KyeClient(base_url="https://gw.example/v1") decision = kye.authorize({ "actor": {"entity_id": "kye:ent:acme:ai_agent:01J..."}, "acting_on_behalf_of": {"delegation_id": "kye:del:acme:01J..."}, "action": "document.render", }) assert decision["decision"] == "allow_with_constraints", decision["reasons"]
// go get github.com/kye-protocol/sdk-go package main import ( "context" "github.com/kye-protocol/sdk-go/pkg/kye" ) func main() { c := kye.NewClient("https://gw.example") d, err := c.Authorize(context.Background(), kye.AuthorizeRequest{ Action: "document.render", Actor: kye.Actor{EntityID: "kye:ent:acme:ai_agent:01J..."}, }) if err != nil { panic(err) } // d.Decision == "allow_with_constraints" _ = d }
# Plain HTTP — no SDK required curl -X POST https://gw.example/v1/runtime/authorize \ -H 'content-type: application/json' \ -H 'idempotency-key: 8c4a-...' \ -d '{ "actor": { "entity_id": "kye:ent:acme:ai_agent:01J..." }, "acting_on_behalf_of": { "delegation_id": "kye:del:acme:01J..." }, "action": "document.render" }' # → { "decision":"allow_with_constraints", "reasons":["delegation_active","scope_match"], ... }
Canonical artefacts you can implement against.
Ready to see your AI agents flagged?
Start in shadow mode. We’ll deliver your first Evidence Pack™ in 4–8 weeks.