Roadmap · v1.0 / v1.1 / v2.0

v1.0 is stable. v1.1 lands Q3 2026.

You can build on v1.0 today without worrying about breaking changes. v1.1 adds five preview profiles + the KYE MCP Server reference implementation + capability-scoped Conformance badges. v2.0 is the next major and ships no earlier than Q1 2027 with a 6-month overlap window. Every item below is tagged shipped, in flight, scheduled, or candidate — dates are commitments, not stretch goals.

check_circle Shipped timer In flight event Scheduled science v2.0 candidates balance Policy
Shipped · April 2026

v1.0.0 frozen.

  1. v1.0.0Core protocol contract — 58 v1.0 normative profiles, 193 OpenAPI operations, 142 schemas, 129 examples, 126 conformance fixtures (41 / 41 pass), reference Gateway, three SDKs (TypeScript / Python / Go), CLI, OPA + Cerbos policy bundles. Apache License 2.0.
  2. v1.0.0Compliance Mapping Rail — 266 control mappings across 13 horizontal frameworks (SOC 2, ISO 27001:2022, PCI DSS 4.0, PSD2 / PSD3, DORA, NIS2, EU AI Act, ISO 42001, NIST AI RMF, NIST SP 800-207, NIST CSF 2.0, GDPR, FedRAMP) plus sector overlays.
  3. v1.0.0Webhook signing profiles — three profiles (shared-secret, asymmetric, binary CBOR). Test vectors in CI; signing profile names + canonical encoding live in the normative spec.
  4. v1.0.0Five interactive widgets — Choose-Your-Role, Agent-Purchase Simulator, Decision Map Viewer, Blast Radius Map, Evidence Pack Viewer.
In flight · rolling on main

v1.0.x patch series + Tier-1 readiness pass.

  1. v1.0.xKYE Authority Wallet Demo — proprietary mobile demo (Expo / React Native). Six screens: Home / Agent / Approval / Decision Map / Evidence Pack / Developer. Five demo scenarios. Synthetic data only. Source committed; EAS build wired (workflow_dispatch ‘Build mobile — KYE Authority Wallet Demo’); Google Play submission pending Console access. Pro version on the v1.1 commercial track.
  2. v1.0.xTier-1 readiness hardening — rolling, May 2026.
    • CI supply-chain: dependency-review, gitleaks, signed-commit check, SBOM 90-day retention.
    • Governance docs: GDPR DPA, ROPA, DSR, PCI scope, customer SLA, sub-processor inventory, BCDR tabletop record.
    • Gateway runtime hardening: opt-in inbound auth, rate-limit, request-size limit, structured logging, JSONL persistent audit chain, receiver-side webhook verifier.
    • SDK + CLI hardening: crypto / errors / retry on TS + Python; CLI keystore + sign + verify-webhook.
  3. v1.0.xMarketing-honesty pass — numeric counts normalised across the site, MCP page tagged as v1.1 roadmap, capability-scoped Conformance badges added to the certification ladder, premature commercial-roadmap disclosure removed. Shipping incrementally.
Scheduled · v1.1 preview

Five preview profiles + KYE MCP Server + capability-scoped Conformance.

Each preview item is gated until its conformance suite is signed off. v1.1 release window: Q3 2026 target; per-item dates below are honest targets, not internal stretch goals.

  1. v1.1kye-conformance-certification-v1 — programme-level badge issuance + verification record schema + public registry. Target: Q3 2026.
  2. v1.1kye-graph-v1 — Authority Graph normative model: graph_node, graph_edge, decision_map schemas + graph-query endpoint surface. Target: Q3 2026.
  3. v1.1kye-payload-trust-v1 — payload-artefact lifecycle + trust binding. Target: Q3 2026.
  4. v1.1kye-self-audit-attestation-v1 — signed self-attestation envelope (Ed25519 / JWS) covering the L2 ladder rung. Target: Q3 2026.
  5. v1.1kye-taxonomy-metadata-v1 — cross-profile taxonomy + metadata-binding schema. Target: Q3 2026.
  6. v1.1KYE MCP Server reference implementation — 10 read-only tools, 5 decision tools, 8 admin tools (gated by default); MCP resources + prompts. Target: Q3 2026; design specification at mcp.html.
  7. v1.1Capability-scoped Conformance badges — KYE Core Conformant, KYE Authority Conformant, KYE Capability Conformant, KYE Evidence Conformant. Target: Q3 2026 with the public registry.
  8. v1.1Postgres adapter for the audit chain — production persistence behind the same interface as the JSONL adapter shipped in v1.0.x. Target: Q3 2026.
  9. v1.1Healthcare conformance fixtures — profile-specific fixtures so the Healthcare profile can earn its own Conformant badge. Target: Q3 2026.
Candidates · v2.0 horizon

Under consideration for the next major.

v2.0 is a future major release with breaking changes. Candidate items below are under consideration, not committed; final scope sets at the v2.0 RFC opening (target: Q1 2027). The v1.x → v2.x migration window will be at least 6 months with overlap support.

  1. v2.0?Distributed signal bus — durable, federated CAEP / SSF-compatible signal delivery with cross-domain receipts.
  2. v2.0?Authority Graph traversal engine — production graph-query engine + decision-map materialisation behind the v1.1 schemas.
  3. v2.0?Hardware-attested key-rotation — native HSM / TPM integration replacing the in-memory KeyRing in the reference Gateway.
  4. v2.0?Federated entity resolution — cross-trust-domain entity discovery without a central registry.
  5. v2.0?OSCAL component-definition exporter — one-click projection of a deployed Gateway into the auditor’s SSP.
Shape the roadmap

Three ways to influence what ships next.

forumGitHub DiscussionsOpen a discussion or comment on existing ones. Maintainers reply on a weekly cadence; high-traction discussions become RFCs. groupsSector working groupsSix open WGs (Payments, Healthcare, Open Banking, Agent Governance, Evidence & Audit, Compliance Mapping) shape v1.1 preview profiles before they freeze. handshakeDirect enquirySector-specific roadmap ask? Enterprise integration timing? Pick the “Roadmap” topic in the contact form.
Versioning policy

SemVer commitment.

  • Major (v2.0) — breaking change to a normative schema, OpenAPI op, or decision code. 12 months minimum between majors; 6 months overlap support.
  • Minor (v1.x) — additive normative change. Backward compatible; conformance pack pinned per minor.
  • Patch (v1.0.x) — behaviour-preserving fix. No schema or wire-format change.
  • Preview — profiles or features published on main but tagged “preview” until their conformance suite freezes. Preview features may change incompatibly until promoted.

For the dated, human-readable release log see changelog.html. For commit history see github.com/KYE-Protocol.

Ready to see your AI agents flagged?

Start in shadow mode. We’ll deliver your first Evidence Pack in 4–8 weeks.

rocket_launch Apply for pilot → science Try the sandbox →