KYA Platform

KYA Platform Documentation

Complete developer documentation for the Know Your Agent (KYA) and Know Your Developer (KYD) Platform

Welcome to the KYA Platform

The Know Your Agent (KYA) Platform provides enterprise-grade identity verification and trust management for AI agents and developers. Build confidence in your AI systems with our comprehensive verification infrastructure.

Quick Integration

Get started in minutes with our simple REST API and comprehensive SDKs

Enterprise Security

Bank-grade security with OAuth 2.0, MFA, and end-to-end encryption

Fully Managed

We handle the complexity so you can focus on building great AI products

Why Choose KYA Platform?

For AI Developers

  • Establish trust for your AI agents without complex infrastructure
  • Get verified credentials that users and enterprises recognize
  • Track agent performance and trust metrics in real-time
  • Seamless integration with existing AI frameworks

For Enterprises

  • Verify AI agents before deployment in production
  • Maintain compliance with AI governance requirements
  • Centralized management for all AI agent interactions
  • Detailed audit trails and compliance reporting

Core Concepts

AI Agents

Any autonomous AI system that performs tasks, makes decisions, or interacts with users.

Chatbots
Assistants
Automation

Trust Scores

Dynamic scoring system (0-100) that evaluates agent reliability, security, and performance.

Real-time
Multi-factor
Transparent

Verification Levels

Progressive verification system from basic registration to full enterprise compliance.

Unverified
Basic
Verified
Premium

Blockchain-Secured Records

All verifications are secured on blockchain for immutability and decentralization.

100% Web2 Friendly: No wallet, no crypto, no gas fees. We handle all blockchain complexity behind our simple API.

PDLSS Permission Boundaries

Every agent registered on AstraSync has PDLSS boundaries that define what it can do, when, how much, where, and whether it can spawn sub-agents. Counterparties use these boundaries to make informed access decisions.

P
Purpose

Action categories the agent is allowed to perform.

{
  categories: ['read_data', 'write_data', 'execute_action'],
  allowedActions: ['search', 'create_report'],
  deniedActions: ['delete_account']
}

D
Duration

Time windows and session limits.

{
  maxSessionDuration: 3600,        // 1 hour max
  ttl: 1800,                       // 30 min token lifetime
  allowedDays: [1, 2, 3, 4, 5],   // Weekdays only
  allowedHours: { start: 9, end: 17 },
  timezone: 'America/New_York'
}

L
Limits

Transaction thresholds with approval tiers.

{
  autonomousThreshold: 100,    // Under $100: auto-approved
  stepUpThreshold: 1000,       // $100-$1000: requires MFA
  approvalThreshold: 10000,    // Over $1000: manual approval
  maxTransactionsPerHour: 50,
  currency: 'USD'
}

S
Scope

Resources, jurisdictions, and counterparty rules.

{
  jurisdictions: ['US', 'AU'],
  resources: ['/api/data/*'],
  unverifiedCounterpartyPolicy: 'deny',
  minCounterpartyTrustScore: 60
}

S
Self-Instantiation

Rules for sub-agent spawning.

{
  allowed: true,
  maxSubAgents: 3,
  maxDepth: 2,
  inheritPermissions: true,
  requireApproval: true
}

Complete Example: Customer Support Agent

A real-world PDLSS configuration combining all five dimensions:

{
  purpose: {
    categories: ['read_data', 'write_data'],
    allowedActions: ['search', 'create_ticket', 'update_ticket'],
    deniedActions: ['delete_account', 'export_all_data']
  },
  duration: {
    maxSessionDuration: 3600,
    ttl: 1800,
    allowedDays: [1, 2, 3, 4, 5],
    allowedHours: { start: 9, end: 17 },
    timezone: 'America/New_York'
  },
  limits: {
    autonomousThreshold: 100,
    stepUpThreshold: 1000,
    approvalThreshold: 10000,
    maxTransactionsPerHour: 50,
    currency: 'USD'
  },
  scope: {
    jurisdictions: ['US', 'AU'],
    resources: ['/api/support/*', '/api/tickets/*'],
    unverifiedCounterpartyPolicy: 'deny',
    minCounterpartyTrustScore: 60
  },
  selfInstantiation: {
    allowed: true,
    maxSubAgents: 3,
    maxDepth: 2,
    inheritPermissions: true,
    requireApproval: true
  }
}

Quick Start

Four steps to register your first AI agent on the KYA Platform.

Step 1

Create Account

Sign up with email or use OAuth for instant access. Enable MFA for enhanced security.

Step 2

Set Up Developer Profile

Create your Know Your Developer (KYD) profile with basic details to get started. Optional identity verification earns additional trust score points.

Step 3

Generate Credentials

Create an API key or crypto key pair from your dashboard for programmatic access via the SDKs or REST API.

Step 4

Register Agent

Register your first AI agent from the web UI, SDK, CLI, or REST API.

POST /api/agents/register
{ "name": "My Agent" }

API Overview

RESTful Architecture

GET

Read Operations

Fetch agents, users, verification status

POST

Create Operations

Register agents, initiate verifications

PUT

Update Operations

Modify agent details, update settings

DELETE

Delete Operations

Remove agents, revoke access

Key Endpoints

POST /api/agents/registerRegister an agent
GET /api/agents/:astraIdPublic agent lookup
POST /api/agents/verify-accessAgent verification (Handshake)
POST /api/auth/loginAuthentication
GET /api/healthService health check

Agent listing restricted to dashboard

The GET /api/agents endpoint is only available via the web dashboard (JWT auth). API key and SDK callers cannot list agents. This prevents agent ID enumeration — an API key holder could otherwise discover sibling agent IDs and inspect their PDLSS boundaries or impersonate them. To view your agents, use the dashboard at /agents.

Interactive API Documentation

Live

Explore our complete API reference with live testing capabilities. Try out endpoints directly in your browser with our Swagger UI.

Platform Features

Everything you need to manage AI agent identity and trust at scale.

Authentication & Security

  • OAuth 2.0 (Google & GitHub)
  • Multi-Factor Authentication
  • API Key Management
  • Role-Based Access Control

Verification Services

  • AI Agent Registration
  • Developer KYD Verification
  • PDLSS Permission Policies
  • Agent Handshake Protocol
  • Runtime Challenges
  • Trust Score Calculation

Analytics & Monitoring

  • Real-time Dashboards
  • Usage Analytics
  • Trust Trend Analysis
  • Audit Logging

Team Management

  • Multi-user Accounts
  • Team Permissions
  • Activity Tracking
  • Shared Resources

Integration Options

  • REST API
  • Verification Gateway SDK
  • Cross-Protocol Transport (HTTP, A2A, MCP)
  • Webhook Events
  • SDK Libraries

Data Management

  • Encrypted Storage
  • Data Export Tools
  • Backup & Recovery
  • GDPR Compliance

Integration Guide

Multiple ways to integrate KYA Platform into your workflow with our production-ready SDKs.

Python SDK

v2.0.0

Register and manage AI agents with API key auth, email+password, or secp256k1 crypto signing. Includes CLI and decorator support.

pip install astrasyncai

from astrasyncai import AstraSync

client = AstraSync(api_key="kya_your_api_key")
result = client.register(
    name="My AI Assistant",
    model={
        "model_name": "claude-opus-4.6",
        "model_provider": "anthropic",
        "model_type": "llm",
    },
)

print(f"Agent ID: {result['data']['agent']['kyaAgentId']}")
print(f"Trust Score: {result['data']['agent']['trustScore']}")

Node.js / TypeScript SDK

v2.0.0

TypeScript SDK with complete type definitions, 3 auth methods, and full model/framework/PDLSS registration support. Includes CLI.

npm install @astrasyncai/sdk

import { AstraSync } from '@astrasyncai/sdk';

const client = new AstraSync({
  apiKey: 'kya_your_api_key'
});

const result = await client.register({
  name: 'My AI Agent',
  model: {
    modelName: 'gpt-4o',
    modelProvider: 'openai',
    modelType: 'llm',
  },
});

console.log(`Agent ID: ${result.data.agent.kyaAgentId}`);

Framework & Model Metadata

Pass your agent's framework and model metadata during registration to improve its trust score. AstraSync works with any AI agent framework — just include the name and version:

// Node.js
await client.register({
  name: 'My Agent',
  model: { modelName: 'gpt-4o', modelProvider: 'openai', modelType: 'llm' },
  framework: { frameworkName: 'langchain', frameworkVersion: '0.3.0' },
});

# Python
client.register(
    name="My Agent",
    model={"model_name": "gpt-4o", "model_provider": "openai", "model_type": "llm"},
    framework={"framework_name": "crewai", "framework_version": "0.1.0"},
)

Providing model and framework metadata contributes to the Origin component of your agent's trust score (up to 5 points for platform+model data).

Direct REST API Integration

Use our RESTful API directly with any HTTP client for maximum flexibility.

curl -X POST https://astrasync.ai/api/agents/register \
  -H "Authorization: Bearer kya_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "My AI Agent",
    "description": "Handles customer inquiries",
    "model": {
      "modelName": "claude-opus-4.6",
      "modelProvider": "anthropic",
      "modelType": "llm"
    }
  }'

Verification Gateway SDK

The Verification Gateway SDK enables any service to verify incoming AI agent requests and enables agents to present their credentials across HTTP, A2A, and MCP protocols.

Counterparty-Side: Verifying Incoming Agents

Mount Express middleware to verify agents hitting your API. The middleware calls AstraSync's verify-access endpoint and populates req.agentVerification with the result.

import { createMiddleware } from '@astrasyncai/verification-gateway/express';

app.use(createMiddleware({
  apiBaseUrl: 'https://astrasync.ai',
  routes: [
    { pattern: '/api/public/*', method: '*', minAccessLevel: 'none' },
    { pattern: '/api/data/*', method: 'GET', minAccessLevel: 'read-only' },
    { pattern: '/api/data/*', method: '*', minAccessLevel: 'standard' },
    { pattern: '/api/admin/*', method: '*', minAccessLevel: 'internal' },
  ],
}));

After middleware runs, req.agentVerification contains:

  • .verified — whether the agent passed verification
  • .accessLevel — none, guidance, read-only, standard, full, internal
  • .agent — ASTRA ID, name, trust score
  • .pdlss — full permission boundaries
  • .tokenGuidance — recommended scopes, TTL, rate limits
  • .recommendation — grant, deny, or step_up_required

Enhanced Verification with Sessions

import { verify } from '@astrasyncai/verification-gateway';

const result = await verify(config, {
  credentials: { astraId: 'ASTRA-xxxxx' },
  purpose: 'financial_transaction',
  createSession: true,
  enableRuntimeChallenge: true,
});
// result.sessionId, result.runtimeChallenge, result.tokenGuidance

Recording a Decision

import { recordDecision } from '@astrasyncai/verification-gateway';

await recordDecision(config, {
  sessionId: result.sessionId,
  decision: 'granted',
  reason: 'Agent meets all requirements',
  tokenIssued: true,
});

Agent-Side: Presenting Credentials

Use AgentClient to automatically inject AstraSync credentials into outgoing requests across all supported protocols.

import { AgentClient } from '@astrasyncai/verification-gateway';

const client = new AgentClient({
  agentId: 'ASTRA-xxxxx',
  challengeUrl: 'https://my-agent.com/astrasync/challenge',
  pdlss: {
    purpose: { category: 'read_data' },
    duration: { maxSessionDuration: 3600 },
    scope: { jurisdiction: 'US' },
  },
});

// HTTP — headers auto-injected
const response = await client.fetch('https://counterparty.com/api/data');

// A2A — metadata.astrasync block auto-added
const task = client.prepareA2AMetadata({ id: 'task-1' });

// MCP — _meta.astrasync block auto-added
const params = client.prepareMcpMeta({ tool: 'search', query: '...' });

X-Astra-* Headers (HTTP Transport)

HeaderValueExample
X-Astra-IDAgent ASTRA IDASTRA-wEDhecjrlWEqPNQU4htX6g
X-Astra-VerifyVerify-access URLhttps://astrasync.ai/api/agents/verify-access
X-Astra-ChallengeChallenge endpointhttps://my-agent.com/astrasync/challenge
X-Astra-PurposePurpose category:actionread_data:search
X-Astra-DurationMax session seconds3600
X-Astra-ScopeJurisdictionUS

Challenge/Response Mechanism

Runtime challenges verify that the agent actually initiated the request (prevents MITM attacks). The flow works as follows:

  1. Agent registers pending counterparties before initiating contact
  2. Agent makes request to counterparty with AstraSync headers
  3. Counterparty calls verify-access with enableRuntimeChallenge: true
  4. AstraSync POSTs challenge to agent's /astrasync/challenge endpoint
  5. Agent's ChallengeHandler responds with pending counterparty list
  6. AstraSync validates (challengeId match, counterparty in list, timestamp fresh)

Setting Up the ChallengeHandler

import { ChallengeHandler } from '@astrasyncai/verification-gateway';

const handler = new ChallengeHandler({ agentId: 'ASTRA-xxxxx' });

// Before contacting a counterparty, register them as pending
handler.registerPending('counterparty-api-id');

// Mount the challenge endpoint
app.post('/astrasync/challenge', handler.expressMiddleware());

// After interaction is complete, clean up
handler.removePending('counterparty-api-id');

Challenge Payload (sent to agent)

{
  "challengeId": "uuid",
  "type": "pending_verification",
  "counterpartyId": "counterparty-api-id",
  "question": "List the counterparties currently in your pending interaction list",
  "issuedAt": "2026-02-24T10:00:00Z",
  "expiresAt": "2026-02-24T10:00:30Z"
}

Expected Response (from agent)

{
  "challengeId": "uuid",
  "acknowledged": true,
  "pendingCounterparties": ["counterparty-api-id", "other-service"],
  "respondedAt": "2026-02-24T10:00:01Z"
}

Local Guard

A free, local-only verification layer for AI agents. Define what your agent can and cannot do in a simple YAML policy file, and Local Guard enforces it — no account, no cloud connection, no telemetry. When you outgrow local mode, one command upgrades you to cloud-connected verification.

Step 1: Create Your Policy

All Local Guard adapters share the same PDLSS policy file. Create it once, then choose which adapter to run for your platform.

npm install @astrasyncai/verification-gateway

# Interactive wizard — creates local-policy.yaml
npx astrasync guard setup

The wizard asks plain-language questions about what your agent should be allowed to do and generates a local-policy.yaml file using the same PDLSS schema as the cloud — so upgrading later requires zero migration.

Step 2: Choose Your Adapter

Each adapter is a thin, platform-specific wrapper that intercepts agent actions and routes them through the shared PDLSS evaluation engine. The verification logic is identical across platforms — only the interception and enforcement mechanisms change.

Local Guard for OpenClaw CLI

Available

HTTP proxy that sits between OpenClaw (or other CLI agents like Claude Code) and their tool servers. Intercepts tool call JSON, evaluates against your PDLSS policy, then blocks or forwards.

# Start the CLI proxy (uses your local-policy.yaml)
npx astrasync guard start
OpenClaw
Claude Code
Any CLI agent

Local Guard for Cursor

Available

VS Code extension that hooks into file create/delete/save, terminal open, and command execution events. Download the .vsix from GitHub releases and install directly.

# Download .vsix from GitHub releases, then:
code --install-extension astrasync-local-guard-2.0.0.vsix
Cursor
VS Code

Local Guard for OpenClaw Browser

Available

Chrome extension for the OpenClaw browser agent. Intercepts web requests and navigation before they execute, with synchronous local evaluation for zero-latency blocking.

# Download extension from GitHub releases, then:
# Chrome → Extensions → Developer mode → Load unpacked
Chrome
Firefox

CLI Commands

astrasync guard setup

Interactive wizard to create your PDLSS policy file

astrasync guard start

Start the local guard proxy with your policy

astrasync guard status

Check guard status, mode, and recent activity

astrasync guard upgrade

Upgrade from free local mode to cloud-connected verification

Free vs Paid

Local Mode (Free)

Free forever
  • Local PDLSS policy evaluation (<1ms)
  • Interactive setup wizard
  • CLI, IDE, and browser platform support
  • JSONL audit trace (local file)
  • No account required, fully offline

Online / Hybrid Mode

Paid
  • Everything in Local Mode
  • ASTRA-ID and trust score for your agent
  • Cloud PDLSS boundaries with counterparty verification
  • Runtime challenge/response (proves agent identity)
  • Blockchain-secured audit trail
  • Git push / PR trigger for enterprise governance

Enterprise: Git Push Trigger

In hybrid mode, Local Guard runs locally during development but automatically switches to cloud verification when code is pushed to a remote repository or a PR is created. This creates a governance boundary: local guardrails for development, full AstraSync verification for anything that reaches the remote codebase.

# Install git hooks for your repo
npx astrasync guard install-hooks

# Hooks auto-trigger on:
# - git push (pre-push hook)
# - git commit to protected branches (pre-commit hook)
# - Block or warn mode configurable per branch

Blockchain Technology

Every verification is secured on the Skale blockchain for immutability and trust - without the complexity.

Powered by Skale Network

Zero Gas Fees

KYA Platform leverages Skale Network, an Ethereum-native modular blockchain network that provides instant finality and zero gas fees. This means enterprise-grade security without the traditional blockchain cost barriers.

Instant Finality

Transactions confirmed in under 1 second

Zero Gas Fees

No transaction costs for users or developers

EVM Compatible

Full Ethereum tooling and smart contract support

What We Handle For You

  • All wallet management and key storage
  • Gas fees and transaction costs (zero on Skale)
  • Smart contract deployment and maintenance
  • Network selection and optimization

Benefits You Receive

  • Immutable audit trail for all verifications
  • Decentralized trust without centralized control
  • Public verifiability and transparency
  • Zero blockchain knowledge required

Web2 Simplicity, Web3 Security: No cryptocurrency, no wallets, no gas fees for you. Just pay your subscription and we handle all the blockchain complexity. This is NOT a crypto product - it's enterprise verification powered by Skale's immutable ledger technology.

ERC-8004: On-Chain Agent Registry

ERC-8004 defines an on-chain Agent Registry where each agent is an ERC-721 token. AstraSync wraps ERC-8004 with KYA verification and PDLSS permission boundaries.

Agent Registration File

Each agent's agentURI (tokenURI) points to a spec-compliant JSON document describing the agent's services, trust frameworks, and identity. AstraSync's card generator produces this format automatically.

{
  "type": "https://eips.ethereum.org/EIPS/eip-8004#registration-v1",
  "name": "My Agent",
  "description": "An AI agent registered on-chain",
  "image": "https://example.com/avatar.png",
  "services": [
    { "name": "web", "endpoint": "https://api.example.com/agent" },
    { "name": "A2A", "endpoint": "https://api.example.com/a2a" },
    { "name": "MCP", "endpoint": "https://api.example.com/mcp" }
  ],
  "x402Support": false,
  "active": true,
  "registrations": [{
    "agentId": 42,
    "agentRegistry": "eip155:1187947933:0x8004A169...9a432"
  }],
  "supportedTrust": ["reputation", "astrasync-pdlss"],
  "astrasyncId": "ASTRA-abc123..."
}

Services

Agents declare their reachable endpoints via the services[] array:

web
Primary HTTPS endpoint
A2A
Google A2A protocol
MCP
Model Context Protocol
OASF
Open Agent Service Framework (+ skills/domains)
ENS
Ethereum Name Service
DID
Decentralized Identifier

Supported Trust Frameworks

The supportedTrust field declares which trust mechanisms the agent participates in:

reputation
On-chain reputation scores via Reputation Registry
crypto-economic
Trust backed by staked assets
tee-attestation
Trusted Execution Environment
astrasync-pdlss
Pre-execution PDLSS permission boundaries (AstraSync extension)

PDLSS + ERC-8004: Complete Trust Lifecycle

ERC-8004's reputation model is post-execution — trust scores update after agent actions. AstraSync's PDLSS framework provides pre-execution governance. Together they form a complete trust lifecycle:

1. Pre-execution (PDLSS)

Purpose, Duration, Limits, Scope, Self-instantiation boundaries

2. Execution

Agent operates within PDLSS boundaries

3. Post-execution (Reputation)

Counterparties submit on-chain feedback

For the full ERC-8004 specification details, see the dedicated ERC-8004 documentation.