What makes KYA different from regular IAM tools?

Traditional IAM (like Auth0, Okta) is designed for humans who log in. AI agents operate differently: they act continuously, autonomously, and at machine speed. KYA is built specifically for agent identity, with short-lived capability tokens, action-level verification, and cryptographic signatures on every request.

Yes. KYA is fully open-source (Apache 2.0) and ships with a Docker Compose setup. You can run the full stack (API + PostgreSQL + Redis) on your own infrastructure in minutes.

What latency does the /verify endpoint add?

The /verify endpoint targets a p99 latency under 20ms when self-hosted. KYA also supports a local verification mode with a Redis-backed policy cache that eliminates the network hop entirely.

How does revocation work?

Agent revocation is immediate. Within seconds, all subsequent verify calls for that agent return DENY. Capability revocation (for in-flight JWTs) uses a Redis blacklist with matching TTL. No waiting for token expiry.

What programming languages are supported?

KYA ships with official SDKs for JavaScript/TypeScript (@kya/sdk-js) and Python (@kya/sdk-python). Both include Ed25519 key generation, canonical JSON serialization, and typed API clients. The REST API works with any language.

Is the audit log tamper-proof?

Yes. Each workspace maintains a SHA-256 hash chain over its audit events. Any modification to historical events breaks the chain and is immediately detectable. This design satisfies the tamper-evidence requirements for SOC2 and ISO 27001 audits.

Know Your AgentDocs

Blog GitHub fr Get started

Use Case

Secure OpenAI Function Calling with Identity & Permission Control

OpenAI function calling lets your LLM trigger real-world actions. KYA adds the missing security layer: cryptographic agent identity, per-function policies, spend limits, and a tamper-proof audit log.

Why OpenAI function calling needs a permission layer

When your LLM calls a function, it's making a real-world decision on your behalf. The function might charge a customer, send an email, or modify a database. OpenAI's API has no way to enforce 'this function can only be called with amounts under €100' — that logic lives outside the LLM.

The KYA verify pattern for function calls

import openai
from kya import KYAClient

kya = KYAClient(api_key="kya_...")

def execute_function_call(agent_id, function_name, arguments):
    # Verify before execution
    result = kya.verify(
        agent_id=agent_id,
        action=function_name,
        payload=arguments,
    )

    if result.decision != "ALLOW":
        return {"error": f"Denied: {result.reason_code}"}

    # Execute the actual function
    return FUNCTIONS[function_name](**arguments)

Policy example for payment functions

{
  "agent": "agt_checkout_assistant",
  "rules": {
    "allowed_tools": ["create_charge", "issue_refund"],
    "spend_limits": {
      "max_per_tx": 200,
      "max_per_day": 2000
    },
    "deny_if": {
      "currency": ["not in", ["EUR", "USD"]]
    }
  }
}

Prompt injection protection

If an attacker injects a prompt that convinces your LLM to call `delete_all_records`, KYA will deny it — because that function isn't in the agent's allowed_tools list. Policy enforcement happens server-side, outside the LLM's control.

Add KYA to your agent

Get identity, permissions, and audit logs in under 5 minutes.

Quickstart guide →API Reference

LangChain Agent Permissions with KYA →Tamper-Proof Audit Log for AI Agents →KYA vs Auth0 for AI Agents →KYA vs AWS IAM for LLM Agents →