# KYE Protocol™ — The Entity Authority Protocol for AI Governance

> KYE Protocol™ proves who or what is acting, on behalf of whom, using
> which capability, under what authority, in what state, and with what
> audit trail. The technical and evidentiary foundation for **Authority
> Finality™** in AI-agent systems: a replayable proof layer for
> accountability, compliance, dispute resolution, and legally defensible
> audit trails.
>
> KYE does not replace legal agreements, signatures, or regulatory
> obligations — it provides the technical control and evidence layer
> needed to support authority finality, accountability, and legally
> defensible audit trails for agentic systems.
>
> Apache License 2.0.

## Architecture (16 protocol-core principles + commercial layer)

KYE Protocol™ is **authority-first, state-first, decision-first, policy-bound, evidence-first, and audit-trail-first** at runtime — built on **schema-first, dictionary-first, taxonomy-first, metadata-first, graph-first, profile-first, registry-first, and conformance-first** protocol design — and reaches builders via **API-first** and **SDK-first** discipline. Designed as an implementable protocol — not a whitepaper.

### Tier A — Runtime governance (what KYE decides)

1. **Authority-first** — KYE's centre is authority, not identity. Every action answers *who or what is acting, on behalf of whom, using which capability, under what authority, in what state, with what audit trail*. Core records: `KYEAuthorityGrant`, `KYEAuthorityScope`, `KYEDelegation`, `KYEActingOnBehalfOf`, `KYEAuthorityState`, `KYEAuthorityDecision`, `KYEAuthorityRevocation`, `KYEAuthorityEvidence`.
2. **State-first** — authority is meaningless without state. Every authorize call composes `entity_state`, `authority_state`, `delegation_state`, `credential_state`, `capability_state`, `payload_state`, `recovery_state`, `risk_state`. KYE is state-aware authority infrastructure.
3. **Decision-first** — runtime systems need an answer.
   `POST /v1/runtime/authorize` returns `allow` / `allow_with_constraints` / `require_approval` / `require_step_up` / `require_human_review` / `require_recovery` / `quarantine` / `deny` — with reason code, matched policies, obligations, evidence refs — in ms.
4. **Evidence-first** — KYE turns authority into evidence. Every decision produces a `policy_decision_id` binding to validation results, audit events, transparency receipts, signals, and a signed `evidence_pack` consumable by GRC, auditors, regulators, dispute panels.
5. **Audit-trail-first** — no authority without audit. No audit without evidence. Every material change emits an append-only, hash-linked, timestamped, reason-coded, actor-bound, policy-bound, decision-bound audit event — exportable, replayable.

### Tier B — Protocol design (how KYE classifies and ships)

6. **Schema-first** — JSON Schema 2020-12 with absolute `$id` at `kye-protocol.github.io/schemas`. OpenAPI, SDKs, validators, docs, and conformance tests are derived from schemas, not hand-written. 55 schemas, 58 validated examples.
7. **Dictionary-first** — canonical vocabulary for entity types, all state dimensions, decisions, reason codes, capability kinds, side-effect levels, data classes, signal types, redaction fields, taxonomies, graph types. 17 dictionary files in `public/vocabulary/`.
8. **Taxonomy-first** — 16 V1 canonical taxonomies (entity_type, capability_type, action_type, resource_type, data_class, side_effect_level, risk_state, environment, decision, reason_code, evidence_type, compliance_framework, sector, jurisdiction + 2 state taxonomies). Versioned, status-bound, mappable to framework controls.
9. **Metadata-first** — every KYE object carries `labels`, `classifications`, `ownership`, `lineage`, `compliance` blocks whose values are drawn from registered taxonomies. Metadata influences decisions; the runtime exposes it to the policy layer.
10. **Graph-first** — *authority is relational.* Every entity, delegation, capability, credential, policy, state, decision, and evidence object is a node; every authority relationship is a typed edge. Authority Graph™, Decision Map™, Evidence Graph™, Blast Radius Map™, Compliance Map™. Storage substrate is implementation choice (Postgres, Neo4j, Neptune, Memgraph, TigerGraph, ArangoDB, RDF).
11. **Profile-first** — Core stays small. 41 profiles add domain semantics (Capability, Recovery, Payments, Payload Trust, Taxonomy & Metadata, Graph, Healthcare, EU AI Act, ISO 42001, Defence, Energy, Manufacturing, Maritime, Logistics, Aviation, &c.). Profiles never modify Core.
12. **Registry-first** — every object is resolvable. `/.well-known/kye` advertises supported versions, profiles, crypto suites, JWKS, dictionaries, taxonomies, metadata schemas, registries.
13. **Conformance-first** — 37-fixture black-box pack any conformant Gateway must pass. Vendor self-attestation via `conformance-report.json`.

### Tier C — Developer adoption (how KYE reaches builders)

14. **API-first** — `POST /v1/runtime/authorize` is the headline; 130+ OpenAPI operations across runtime, registry, taxonomy, metadata, and graph endpoints back it. `GET /v1/decisions/{id}/map` returns a Decision Map™.
15. **SDK-first** — TypeScript / Python / Go SDKs ship with schema types, local validators, decision clients, signing helpers, verification helpers, policy adapters, audit emitters, evidence-pack builders, taxonomy resolvers, metadata classifiers, graph traversal clients, decision-map renderers.

### Commercial layer — KYE Cloud™ (separate from the protocol core)

The open protocol stays vendor-neutral. The hosted product is **SKU-first, metering-first, enterprise-pack-first, compliance-pack-first, BYOC / on-prem-first**. SKUs include Hosted Registry, Validator API, Recovery Console, Evidence Packs, Compliance Profiles, Regulated-Sector Packs, Enterprise Deployment.
**SKU logic never enters Core objects** (`KYEEntity`, `KYEAuthorityGrant`, `KYEAuditEvent`, `KYEStateTransition`).

## v1.0 ships

- 41 normative profiles: Core, Gateway, Federation, Credentials, Attestation, Signals, Transparency, Conformance, Treasury, Custody, Healthcare, Telemetry, Capability, Recovery, Payments, Payload Trust, Taxonomy & Metadata, Graph
- 3 payment overlays: kye-payments-eu-1.0, kye-payments-card-1.0, kye-payments-high-assurance-1.0
- 186 OpenAPI operations across 87+ runtime endpoints
- 55 JSON Schemas (JSON Schema 2020-12) with 58 validated examples
- 37 black-box conformance fixtures
- 173 control mappings: SOC 2, ISO 27001:2022, PCI DSS 4.0, PSD2/PSD3, DORA, NIS2, EU AI Act, NIST 800-207, HIPAA
- 6-dimension state composition matrix with 10 illegal compositions and 5 break-glass entry conditions (state-composition-matrix.md)
- RFC 7807 problem+json error envelope with KYE-specific extensions
- Wire-protocol version negotiation: Accept-Version + URN segment
- Cascade atomicity contract: caller-visible all-or-nothing guarantee with idempotent retry and signed cascade_summary
- Cryptographic agility: Accept-Crypto-Suite negotiation; opaque suite names; algorithms remain in patent track
- Quantitative SLA tiers (Tier-1 Bank / Tier-2 / Tier-3) with p50, p99, throughput, cascade latency targets
- Capability profile MCP subset: gating per MCP operation, sampling budgets, tool versioning, dependency DAG resolution, supply-chain attestation
- Recovery m-of-n approval semantics with reject-wins, ordered/unordered pools, and offline-verifiable proofs
- Federation multi-region: replication topology, 6 conflict-resolution rules, 18-month key archival floor
- Credentials selective disclosure (SD-JWT, BBS+) and GDPR right-to-erasure flow
- Telemetry: redaction MUST, OTLP + CloudEvents 1.0 exports, per-decision-class sampling floors
- Payments post-execution lifecycle: hold, release, reversed, disputed, charged_back, dispute_resolved, settled, ISO 20022 alignment
- Reference Gateway (Node.js, no Express, zero runtime deps), 67/67 tests
- TypeScript, Python, Go SDKs
- OPA Rego + Cerbos policy bundles at parity (22 fixtures)

## Six-dimension state model

Every entity has six independent state dimensions, each transitioning independently and emitting its own signal class:

- `entity_state` — provisional / active / suspended / quarantined / stopped / tombstoned
- `authority_state` — none / scoped / elevated / break_glass / frozen
- `delegation_state` — active / parent_revoked / self_revoked / expired / scope_violated
- `credential_state` — none / valid / expired / revoked / signature_invalid
- `recovery_state` — healthy / recovery_requested / recovery_decided / compromised / rotated
- `risk_state` — nominal / elevated / watch / denylisted

## Sectors covered

Retail & commercial banking; payments & cards; healthcare & life sciences; capital markets & treasury; custody & digital-asset operators; insurance & underwriting; AI labs & agent platforms; public sector & defence; marketplaces & platforms.
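As an added example (not the project's code), the six-dimension state model above composed into a `POST /v1/runtime/authorize`-style decision with the README's decision vocabulary: the precedence order, the three illegal pairs and the reason codes are constructed assumptions, since the protocol publishes neither its evaluation algorithm nor its ten illegal compositions.

```python
"""Compose KYE's six state dimensions into one runtime decision.
Hypothetical logic written for this README: the protocol's evaluation
algorithm, its ten illegal compositions and its reason-code taxonomy are
unpublished, so the rules, pairs and codes below are constructed."""

# Outcomes of POST /v1/runtime/authorize, most restrictive first
# (the precedence order is an assumption; the spec does not publish one).
SEVERITY = ["deny", "quarantine", "require_recovery", "require_human_review",
            "require_step_up", "require_approval", "allow_with_constraints", "allow"]

# Constructed illegal compositions as (dimension, value, dimension, value).
ILLEGAL = [("entity_state", "tombstoned", "authority_state", "elevated"),
           ("entity_state", "stopped", "authority_state", "break_glass"),
           ("credential_state", "revoked", "authority_state", "elevated")]

def _deny(prefix, *values):   # every listed value is an outright deny
    return {v: ("deny", f"{prefix}_{v.upper()}") for v in values}

# Per-dimension verdicts keyed by state value; healthy values raise nothing.
RULES = {
    "entity_state": {"provisional": ("require_approval", "ENTITY_PROVISIONAL"),
                     "quarantined": ("quarantine", "ENTITY_QUARANTINED"),
                     **_deny("ENTITY", "suspended", "stopped", "tombstoned")},
    "authority_state": {"elevated": ("allow_with_constraints", "AUTHORITY_ELEVATED"),
                        "break_glass": ("require_human_review", "AUTHORITY_BREAK_GLASS"),
                        **_deny("AUTHORITY", "none", "frozen")},
    "delegation_state": _deny("DELEGATION", "parent_revoked", "self_revoked",
                              "expired", "scope_violated"),
    "credential_state": {"none": ("require_step_up", "CREDENTIAL_MISSING"),
                         "expired": ("require_step_up", "CREDENTIAL_EXPIRED"),
                         **_deny("CREDENTIAL", "revoked", "signature_invalid")},
    "recovery_state": {"recovery_requested": ("require_recovery", "RECOVERY_PENDING"),
                       "recovery_decided": ("require_recovery", "RECOVERY_PENDING"),
                       **_deny("RECOVERY", "compromised")},
    "risk_state": {"elevated": ("allow_with_constraints", "RISK_ELEVATED"),
                   "watch": ("require_approval", "RISK_WATCH"),
                   **_deny("RISK", "denylisted")},
}

def authorize(states: dict) -> dict:
    """Return the most restrictive decision plus every reason code that fired."""
    if set(RULES) - set(states):                  # fail closed on partial state
        return {"decision": "deny", "reason_codes": ["STATE_INCOMPLETE"]}
    for dim_a, val_a, dim_b, val_b in ILLEGAL:   # matrix check precedes the rules
        if states[dim_a] == val_a and states[dim_b] == val_b:
            return {"decision": "deny", "reason_codes": ["ILLEGAL_STATE_COMPOSITION"]}
    verdicts = [RULES[d][states[d]] for d in RULES if states[d] in RULES[d]]
    decision = min((d for d, _ in verdicts), key=SEVERITY.index, default="allow")
    return {"decision": decision, "reason_codes": sorted(r for _, r in verdicts)}
```

Every dimension that objects contributes a reason code, so the caller sees why a `require_step_up` was not an `allow` even when another dimension alone would only have asked for approval.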
## URN format

Every entity, delegation, signal, decision, credential, capability, recovery, audit event and proof bundle uses a single URN shape: `kye::::`

Examples:

```
kye:ent:acme.example:ai_agent:01JY3J1D4E5A7K3JQFK4E0Q1XZ
kye:del:acme.example:01JYDELEG0000000000000000A
kye:cap:acme.example:tool:01JYCAP00000000000000000A
kye:rec:acme.example:01JYREC00000000000000000A
```

## Discovery

- Site: https://kyeprotocol.com
- Whitepaper: https://kyeprotocol.com/whitepaper.html
- Legal & trademark: https://kyeprotocol.com/legal.html
- API catalog: https://kyeprotocol.com/.well-known/api-catalog
- MCP server card: https://kyeprotocol.com/.well-known/mcp/server-card.json
- Agent skills: https://kyeprotocol.com/.well-known/agent-skills/index.json
- OAuth authorisation server: https://kyeprotocol.com/.well-known/oauth-authorization-server
- OAuth protected resource: https://kyeprotocol.com/.well-known/oauth-protected-resource
- OpenID configuration: https://kyeprotocol.com/.well-known/openid-configuration
- Sitemap: https://kyeprotocol.com/sitemap.xml
- Source: https://github.com/KYE-Protocol

## Repos

- KYE-Protocol/app — root meta repo (this README)
- KYE-Protocol/vocabulary — open vocabulary (Apache 2.0)
- KYE-Protocol/id-format — URN format reference
- KYE-Protocol/examples — example payloads (JSON, validated against schemas)
- KYE-Protocol/Discussions — RFCs and Show & Tell
- KYE-Protocol/.github — org profile, security policy, CONTRIBUTING

## Trademark

KYE™, KYE Protocol™ and Know Your Entity™ are trademarks of the KYE Protocol™ project. The marks identify the protocol as published. Conformant implementations may use them; forks may not. Trademark policy: https://kyeprotocol.com/legal.html

## Patent

The vocabulary, URN format, JSON Schemas, OpenAPI specs, conformance pack, reference implementation, SDKs and policy bundles are open under Apache 2.0.
Specific mechanism designs sit in a separate patent track and are not disclosed in the public repositories pre-filing — algorithm details for decision evaluation, audit record linking, signal propagation, scope attenuation, and the signing-suite construction are deliberately omitted from public artefacts.

v2.0 moves the patent track to a royalty-free open standard (Linux Foundation / OpenWallet Foundation track).

## Authority Graph™ + Decision Map™ (KYE Graph Profile™)

KYE is **graph-first**. Authority is relational. Every entity, delegation, capability, credential, policy, state, decision, and evidence object is a node; every authority relationship is a typed edge.

Trademarked graph projections:

- **Authority Graph™** — who or what can act, for whom, using which capability, under which scope, in which state.
- **Decision Map™** — replayable graph of one decision: actor → principal → delegation → capability → authority → scope → state → policy → decision → audit → evidence. Returned by `GET /v1/decisions/{id}/map`.
- **Evidence Graph™** — decision ↔ authority grants ↔ capability manifests ↔ payloads ↔ audit events ↔ evidence packs.
- **Blast Radius Map™** — what breaks if a credential / capability / entity is compromised.
- **Compliance Map™** — projection from KYE objects to framework controls (EU AI Act, ISO 42001, SOC 2, DORA, NIS2).

Specific traversal algorithms sit behind the patent track. Storage substrate (Postgres, Neo4j, Neptune, Memgraph, TigerGraph, ArangoDB, RDF) is implementation choice.

> KYE turns identity, authority, capability, state, policy, and
> evidence into a traversable Authority Graph™.
>
> Every KYE decision comes with a Decision Map™ — a replayable graph
> showing who or what acted, for whom, using which capability, under
> what authority, in what state, and with what evidence.

## Entity vs. evidence taxonomy (KYE Payload Trust Profile™)

KYE governs **acting entities, principal entities, capability entities, resource entities, credential entities, and evidence artefacts** — and keeps them strictly distinct.

| Concept | Role | Examples |
|---|---|---|
| Acting entity | Who or what is acting | AI agent, service, user, autonomous workflow |
| Principal entity | On whose behalf | Organisation, business, natural person, deployer |
| Capability entity | Using which capability | Skill, tool, MCP tool, function, connector, playbook, … |
| Resource entity | Acting on which resource | Wallet, dataset, document, vehicle, vessel, shipment |
| Credential entity | Carrying which proof | Verifiable credential, attestation, key |
| Evidence artefact | Recording the act | **Payload artefact**, audit event, transparency receipt |
| Decision | Authority result | `policy_decision_id` — allow / require_approval / deny |

The **KYE Payload Trust Profile™** (`kye-payload-trust-1.0`) defines payload artefacts as signed, hashed, replay-resistant **evidence artefacts** that record or request an action by an acting entity, on behalf of a principal entity, using a capability entity. Payloads carry state but never authority. The runtime verifies them, binds the resulting policy decision back to the artefact, and emits replayable audit evidence. 13 lifecycle + denial states; 10 deny reason codes.

> KYE binds signed payloads to entity authority, capability state,
> policy decisions, and replayable audit evidence.

## Compliance frameworks (KYE Compliance Mapping Rail™)

KYE is the operational evidence/control layer beneath these governance frameworks. The Compliance Mapping Rail™ (`schemas/compliance-mapping.json`) binds each control to the KYE runtime events that produce its evidence.
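As an added example (not the project's code) of the payload-trust flow described above, ending in the kind of actor-bound, decision-bound, hash-linked runtime event the mapping rail binds a control to: HMAC-SHA256 over canonical JSON stands in for the undisclosed signing suite, the artefact, key, `policy_decision_id` format and reason codes are constructed, and the principal URN is a placeholder.

```python
"""Verify a signed payload artefact, bind the decision to it and append a
hash-linked audit event. Hypothetical code written for this README: KYE's
signing suite is undisclosed, so HMAC-SHA256 over canonical JSON stands in."""
import hashlib, hmac, json
SAMPLE = {"acting_entity": "kye:ent:acme.example:ai_agent:01JY3J1D4E5A7K3JQFK4E0Q1XZ",
          "principal_entity": "kye:ent:acme.example:PRINCIPAL-TYPE:PRINCIPAL-ID",
          "capability": "kye:cap:acme.example:tool:01JYCAP00000000000000000A",
          "nonce": "n-0001", "issued_at": 1700000000.0}   # constructed; URNs from README

# Deterministic bytes to hash and sign (sorted keys, no whitespace).
canonical = lambda obj: json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def sign_payload(payload: dict, key: bytes) -> dict:
    """Return the artefact with its content hash and signature attached."""
    body = canonical(payload)
    return {**payload, "payload_hash": hashlib.sha256(body).hexdigest(),
            "signature": hmac.new(key, body, "sha256").hexdigest()}

class PayloadVerifier:
    def __init__(self, key: bytes, max_age_s: float = 300.0):
        self.key, self.max_age, self.seen, self.audit = key, max_age_s, set(), []

    def verify(self, artefact: dict, now: float) -> tuple:
        unsigned = {k: v for k, v in artefact.items() if k not in ("signature", "payload_hash")}
        expected = hmac.new(self.key, canonical(unsigned), "sha256").hexdigest()
        if not hmac.compare_digest(expected, artefact.get("signature", "")):
            return "deny", "PAYLOAD_SIGNATURE_INVALID"
        if not 0 <= now - artefact["issued_at"] <= self.max_age:   # freshness window
            return "deny", "PAYLOAD_STALE"
        if artefact["nonce"] in self.seen:                         # replay resistance
            return "deny", "PAYLOAD_REPLAYED"
        self.seen.add(artefact["nonce"])
        return "allow", "PAYLOAD_VERIFIED"

    def record(self, artefact: dict, decision: str, reason: str, now: float) -> dict:
        prev = self.audit[-1]["event_hash"] if self.audit else "0" * 64   # genesis link
        ev = {"actor": artefact["acting_entity"], "principal": artefact["principal_entity"],
              "capability": artefact["capability"], "payload_hash": artefact["payload_hash"],
              "policy_decision_id": f"pd-{len(self.audit) + 1:06d}", "decision": decision,
              "reason_code": reason, "ts": now, "prev_hash": prev}
        ev["event_hash"] = hashlib.sha256(canonical(ev)).hexdigest()
        self.audit.append(ev)
        return ev

def chain_intact(events: list) -> bool:   # replay the chain from the genesis link
    prev = "0" * 64
    for ev in events:
        body = {k: v for k, v in ev.items() if k != "event_hash"}
        if ev["prev_hash"] != prev or ev["event_hash"] != hashlib.sha256(canonical(body)).hexdigest():
            return False
        prev = ev["event_hash"]
    return True
```

A replayed or tampered artefact is denied before any authority question is asked, and because every audit event commits to its predecessor, editing one recorded decision invalidates the chain on replay.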
- KYE EU AI Act Profile™ (EU AI Act, Regulation (EU) 2024/1689): 10 controls (KYE-EUAIACT-001..010) covering entity accountability, AI system registry, capability manifest + risk classification, human-oversight gates, runtime authority decision logs, technical documentation evidence pack, corrective action trail, provider/deployer/operator role mapping, high-risk workflow profile, post-market monitoring hooks.
- ISO/IEC 42001 — AI management system inventory, responsibility, risk/impact, lifecycle controls, oversight logs.
- NIST AI RMF — Govern / Map / Measure / Manage evidence around actors, risks, controls, decisions, lifecycle.
- ISO 27001:2022, SOC 2, GDPR, DORA, NIS2, PCI DSS 4.0, HIPAA, NIST 800-207.

KYE does not replace these frameworks. It exports signed evidence packs mapped to them.

## Sector profiles

KYE supports the following sector profiles (each a normative draft v1.0 in `private/specs/`):

- KYE Defence Profile™
- KYE Critical Infrastructure Profile™
- KYE Energy Profile™
- KYE Manufacturing Profile™
- KYE Oil & Gas Profile™
- KYE Mining Profile™
- KYE Automotive Profile™
- KYE Maritime & Shipping Profile™
- KYE Logistics Profile™
- KYE Aviation Profile™
- KYE Healthcare Profile™
- KYE Financial Services Profile™
- KYE Public Sector Profile™

Each profile composes with the EU AI Act profile (kye-euaiact-1.0) when AI systems or AI agents are involved.

## License

Apache License 2.0 unless an individual file specifies otherwise.

— KYE Protocol™ project, 2026.