StableKYA
Talk to the maintainer Try the gateway
Reference

Know Your Agent.
A credential layer for autonomous payments.

Software is starting to spend money on its own. KYA is the missing handshake — five short proofs an agent presents to a counterparty, machine-readable, signed, and revocable. It's the difference between an instruction and a settled, accountable transaction.

A citation-disciplined reference layer for AI-native financial institutions, agent-payment protocols, and the OCC trust-bank-charter wave.

Run the callable primitiveRead the five checkpoints
Principal bindingdid:web:agent.acme.aiorlei:5493001KJTIIGC8Y1R12
checkpoints
5
KYA-1 through KYA-5
end-to-end
~140ms
intent → signed receipt (p50)
reference vendors
14
across all surfaces
privacy bridge
ZK-ready
compliance without disclosure
Callable primitive

One endpoint. Five verdicts. One signed receipt.

The KYA gateway accepts an intent and returns a structured verdict for each checkpoint plus a single composite outcome. Edit the subject and intent below, then send — the verdicts are computed live by the KYA Map evaluator.

Subject & intent
static reference
http · request
POST /v1/kya/verify  HTTP/1.1
host:           api.stablekya.com
content-type:   application/json

{
  "subject": {
    "did": "did:web:agent.acme.ai",
    "lei": "5493001KJTIIGC8Y1R12"
  },
  "action": {
    "kind":              "transfer",
    "amount":            842,
    "currency":          "USDC",
    "rail":              "agentic",
    "chain":             "base",
    "originJurisdiction": "us-federal"
  }
}

Composite verdict awaiting

Send the intent to populate

Edit the subject & intent, then Send to evaluator.
Architecture

Two surfaces, one protocol.

KYA is a single protocol but it shows up in two very different places. The agent presents proofs; the operator reviews, scopes, and revokes them. Build for one without the other and you have either an oracle no one trusts or a dashboard no one uses.

SURFACE A
The Agent

A long-running process holding a key. It presents the bundle to any party that will accept value. The bundle is small, signed, and re-derivable from on-chain state.

Carries a signed VC (KYA-1)
Receives delegated scope from a registered operator (KYA-2)
Quotes attested balance prior to intent (KYA-3)
Submits intent through gateway (KYA-4, KYA-5)
SURFACE B
The Operator

A human or org accountable for everything the agent does. They register the principal once, set caps and policies, and watch a stream of signed receipts. Revocation is one click and propagates in seconds.

Registers principal and KYC posture once
Mints scoped capabilities for each agent fleet
Defines policy: caps, MCC, jurisdiction, velocity
Audits, freezes, or revokes — all signed
Stable STP · eight stations

One agent-led payment, across the STP lifecycle.

The canonical eight-station Straight-Through-Processing overlay, resolved live against a real path template. Switch the path to compare how x402, AP2, and ACK-Pay light up the same stations.

A1 · AGENTIC X402 PURCHASE · BASE
00
Mandate
01
Intent
02
Identity
03
Discovery
04
Negotiation
05
Transport
06
Authorization
07
Facilitation
08
Finality
09
Disposition
L5 APPLICATIONL4 ACCOUNTL3 EXECUTIONL2 CONSENSUSL1 NETWORKBASE
L5 APPLICATIONCoinbase Smart Wallet platform (CDP SDK / AgentKit) — agent identity + delegation provisioning
L4 ACCOUNTAgent session key ↔ scoped spending envelope (ERC-4337 UserOperation signer)

Step 1 · Agent Wallet (Coinbase Smart Wallet on Base)Policy-Enforced

"The authenticated bank-app login — identity established, spending authority scoped by delegation token before any transaction instruction is composed."

A Coinbase Smart Wallet (ERC-4337) on Base, provisioned via the Coinbase CDP SDK or AgentKit, with session keys scoped to the current agent task. The agent's identity binds to a resolvable DID (did:pkh:eip155:8453 for self-custody agents, did:web for ACK-ID-attested agents); the spending envelope is encoded in the session key itself as a typed ERC-4337 UserOperation signer whose scope is enforced by the account contract.

Builder: `createSmartWallet({ delegation, spendLimit, allowedTargets })` through AgentKit; pair with Cloudflare Worker session-key issuance if you want the delegation signed at the edge rather than by a centralized key service.

Compliance officer: KYA checkpoint KYA-1 (Identity) fires here — the agent's DID must resolve to an identifiable human or organizational principal before any HTTP 402 response is honored. The wallet-provisioning step is the attachment point for the principal entity's customer identification program and transaction-monitoring obligations.

Honesty marker: GENIUS §6 AML/BSA obligations attach to the principal, not the agent itself. The principal's BSA program is inherited by the agent for the duration of the delegation — agents are not standalone BSA-regulated entities, which means the compliance posture of any agent is exactly the compliance posture of the principal that delegated to it. Wallet provisioning is therefore the structural attachment point for the institution's CIP and transaction-monitoring obligations.
Thresholds Triggered
enhanced-due-diligence≥ 50,000 USD — 31 C.F.R. § 1010.610 — Enhanced Due Diligence (correspondent accounts)
Counterparty
Self (agent holds scoped keys via Coinbase Smart Wallet)
Latency
Instant · wallet provision is off-chain
Finality
N/A — no payment yet
Vendors
Coinbase Smart Wallet (ERC-4337) · Coinbase CDP SDK / AgentKit · Cloudflare Workers (session-key issuance pattern) · did:pkh / did:web (DID resolution)
Chain
Base (Coinbase (sole sequencer operator at launch; decentralization on roadmap))
L5 APPLICATIONL4 ACCOUNTL3 EXECUTIONL2 CONSENSUSL1 NETWORKBASE
L3 EXECUTIONCloudflare Worker compliance middleware — Chainalysis OFAC oracle (KV-cached) + AML pattern analyzer (D1-backed)
◆ Enforcement Line — code-enforced at this layer

Step 2 · Compliance Middleware — Sanctions + AMLCode-EnforcedINGESTDETECTALERT

"The SWIFT gpi sanctions-screening leg — no value moves until the list check returns pass — plus the card-network fraud engine's velocity and structuring heuristics running in parallel on the same authorization."

A Cloudflare Worker intercepts the HTTP 402 response before the payment fires and runs the compliance pipeline at the edge. The OFAC gate fires against the Chainalysis sanctions oracle at 0x40C5...8fb on Base — results cached in Workers KV with a 1-hour TTL to keep the hot path under 100ms. Simultaneously, a transaction-pattern analyzer queries the agent's transaction history from D1 and checks for structuring, round-tripping, and smurfing patterns against GENIUS §104(d) monitoring heuristics.

Builder: `await middleware.screen(agentAddress, merchantAddress, amount)` returns a `ComplianceResult` with pass/fail flags for sanctions (hard gate) and pattern score (soft monitor); the pipeline halts on first hard-gate failure. The Worker reverts with HTTP 451 Unavailable For Legal Reasons if the OFAC gate fails, and logs a monitor event (non-halting) if AML patterns trip a soft threshold. The reference middleware implementation is live at `/integrations/x402` and deployable at $0–5/mo on Cloudflare's free tier — KV + D1 + R2 + Secrets, no servers.

Compliance officer: this step satisfies GENIUS §6 (AML/BSA) and §8 (sanctioned-counterparty screening for cross-jurisdictional flows). Edge-computed compliance with cached oracle reads keeps the agentic-payment latency budget intact while preserving the gate's enforcement properties.

Honesty marker: The Chainalysis oracle returns a boolean on-chain, not attestation detail — dispute resolution requires off-chain escalation through Chainalysis's enterprise-channel processes. AML pattern detection is heuristic, not definitive; monitor events become SAR candidates only after human review by the principal's compliance program. The Worker is the enforcement point but not the adjudication point.
Active Compliance Checkpoints
C2BSA/AML/OFAC program for PPSIs — Treasury coordinated rulemaking (pending) — GENIUS Act §10; Public Law 119-27
C8Payment-stablecoin issuance by a PPSI is excluded from federal securities and commodities law — Securities Act §2(a)(1), Exchange Act §3(a)(10), ICA §2(a)(36), IAA §202(a)(18), CEA §1a(9) — GENIUS Act §17; Public Law 119-27
C3AML program — policies/procedures, compliance officer, training, independent testing, CDD — 31 C.F.R. § 1022.210; 31 U.S.C. § 5318(h)
C1CIP — name, DOB, address, ID number verification; government-list screening — 31 C.F.R. § 1022.220
C8FinCEN MSB registration (Form 107) — required before commencing money transmission activity — 31 U.S.C. § 5330; 31 C.F.R. § 1022.380
C8CVC administrator/exchanger classification as money transmitter (FIN-2013-G001; FIN-2019-G001) — FinCEN Guidance FIN-2013-G001
C3314(a) response protocol — 14-day search window; 314(b) voluntary sharing with safe harbor — USA PATRIOT Act §314; 31 C.F.R. §§ 1010.520, 1010.540
C2OFAC SDN List screening — name, alias, address, and (where published) cryptocurrency-address fields. Real-time screening on originator, beneficiary, intermediaries. — 50 U.S.C. § 1702; 31 C.F.R. § 594.201
C250% rule — aggregate beneficial-ownership analysis through the ownership chain — OFAC Guidance 2014-08-13
C2SSI List screening for sectoral-program-restricted activities — E.O. 13662; 31 C.F.R. Part 589
C2Iran-program screening (Iranian government, Iranian financial institutions, Iran-nexus counterparties) — 31 C.F.R. Part 560; E.O. 13599
C2DPRK / Lazarus-Group cluster-address screening (on-chain analytics + OFAC list) — 31 C.F.R. Part 510; E.O. 13722
C2Russia-program screening — blocked banks, oligarch networks, Treasury-OFAC cryptocurrency-address designations — E.O. 14024; 31 C.F.R. Parts 587, 589
C2Five-pillar sanctions compliance program tailored to virtual currency operations — OFAC Virtual Currency Guidance (2021-10-15)
C14Reg E coverage determination — consumer asset account at financial institution (fiat leg) — 12 C.F.R. § 1005.3
C14Pre-auth written authorization; 3-BD stop-payment right; 10-day advance notice for varying amounts — 12 C.F.R. § 1005.10
C13Howey four-factor classification analysis (excludes payment stablecoins per GENIUS §17) — SEC v. Howey, 328 U.S. 293 (1946); GENIUS Act §17 (carve-out)
C8Broker-dealer registration (Form BD) + FINRA membership — Exchange Act §15(a); 17 C.F.R. § 240.15b
C8Tokenized-securities framework — traditional securities-law rules apply to tokenized form — SEC Div. Trading & Markets Staff Statement (2025-12-11)
C8Form ATS registration + broker-dealer status for venues facilitating tokenized-security matching — 17 C.F.R. §§ 242.300–242.304
C13Digital-commodity classification analysis; CFTC anti-fraud/anti-manipulation authority under CEA §6(c)(1) — CEA §§ 1a(9), 6(c)(1); GENIUS Act §17 (carve-out)
C828-day actual-delivery test for margined retail digital-commodity transactions — CEA §2(c)(2)(D); 7 U.S.C. § 2(c)(2)(D)
C8FCM registration + segregation of customer funds + 17 C.F.R. § 1.17 net capital — CEA §4d; 17 C.F.R. § 1.17
C8Swap Dealer registration + 17 C.F.R. Part 23 conduct / margin / reporting standards — CEA §§ 1a(49), 4s; 17 C.F.R. Part 23
C8Broker classification — custodial trading platform / hosted wallet / kiosk / PDAP — 26 C.F.R. § 1.6045-1(a)(1)
C8State MTL in each state where business is conducted with residents — State MTL statutes; MTMA §§ 201–203
C9Tangible net-worth floor, volume-scaled (MTMA §301 schedule or state equivalent) — MTMA §301
C9Volume-scaled surety bond (MTMA §302 schedule or state equivalent) — MTMA §302
C8NMLS licensing portal for multi-state application and reporting — NMLS; MTMA §204
C14Pre-transaction disclosure + post-transaction receipt + error-resolution rights — MTMA §501
C8VASP classification under FATF R.15 Interpretive Note (implemented by member jurisdictions) — FATF R.15 Interpretive Note ¶1–2 (2019)
C8VASP licensing / registration per member-jurisdiction regime — FATF R.15 IN ¶3
C3Full FATF AML/CFT program obligations (R.10–R.21) applied to VASPs — FATF R.15 IN ¶4
C1VASP CDD at onboarding + ongoing — identity verification, beneficial ownership, business relationship purpose — FATF R.10 via R.15 IN ¶4; 2021 Guidance ¶¶36–45
C3Suspicious-transaction reporting to member-jurisdiction FIU (BSA SAR, EU FIU, MAS STR, etc.) — FATF R.20 via R.15 IN ¶4
C8DeFi arrangement VASP-status analysis — control/influence test; 'sufficiently decentralized' is not per se exempt — FATF 2021 Guidance ¶¶67–70
C8Stablecoin arrangement VASP-status analysis — central developer/governance/reserve-manager control test — FATF 2020 Stablecoin Report; 2021 Guidance ¶¶71–76
C2Targeted financial sanctions for proliferation financing — immediate freezing, no-dealings, designated-list screening — FATF R.7; R.15 IN ¶9
C8Authority-level powers-and-tools inventory; gap-closure legislation — FSB HLR 1
C8Functional, activity-based regulation across all GSC functions (issuance, transfer, custody, reserve, validation, governance) — FSB HLR 2
C8Cross-border supervisory cooperation; supervisory colleges for globally systemic GSCs — FSB HLR 3
C8Governance framework with accountability allocation across functions; decentralised-operations accommodation; conflicts-of-interest controls — FSB HLR 4
C9Integrated risk-management framework — reserve management, operational resilience, AML/CFT, fit-and-proper — FSB HLR 5
C8Pre-launch regulatory-readiness attestation in each jurisdiction of operation; payment-systems conditions at scale — FSB HLR 10
C9Internationally active bank — all cryptoasset exposures covered (direct + indirect, banking + trading book) — BCBS SCO60.1–SCO60.3
C9Permissionless-DLT risk mitigation — contractual/technical/supervisory controls + higher infrastructure add-on — BCBS SCO60.95–SCO60.99 (2024)
Thresholds Triggered
enhanced-due-diligence≥ 50,000 USD — 31 C.F.R. § 1010.610 — Enhanced Due Diligence (correspondent accounts)
Counterparty
Chainalysis OFAC oracle + Cloudflare Worker middleware
Latency
<1s · atomic with the settlement call (KV-cached)
Finality
Pre-condition gate — blocks the x402 response completion
Vendors
Cloudflare Workers (edge compliance middleware) · Chainalysis OFAC Oracle (Base) · Cloudflare KV (1-hour TTL cache) · Cloudflare D1 (transaction history store)
Chain
Base (Coinbase (sole sequencer operator at launch; decentralization on roadmap))
L5 APPLICATIONL4 ACCOUNTL3 EXECUTIONL2 CONSENSUSL1 NETWORKBASE
L4 ACCOUNTAgent session key ↔ on-chain delegation state (ACK-ID-attested capability envelope)
L3 EXECUTIONCapability policy engine + ACK-ID delegation verifier (Cloudflare Worker + on-chain gate)
◆ Enforcement Line — code-enforced at this layer

Step 3 · Authorization (ACK-ID Delegation + Capability Envelope)Code-EnforcedINGESTDETECTALERT

"The corporate authorization matrix check — the purchasing agent proves it holds the delegated authority, within category and amount and window, to commit the principal's funds to this specific counterparty."

Before the USDC transfer fires, the Cloudflare Worker verifies that the agent is operating within its capability envelope. The ACK-ID delegation chain is resolved — the agent's session key must derive from a valid principal credential, and the target merchant must be within the delegation's permitted-counterparty set. The capability envelope (part of KYA-2 Authorization) enforces per-transaction limits, daily caps, permitted merchant categories (encoded as MCCs or ACK Rulebook category hashes), and temporal bounds.

Builder: `capabilityCheck({ agent, target, amount, timestamp })` returns `{ allowed: bool, reason?: string }` — the Worker reverts with 403 Forbidden if the agent is out of scope. The envelope is also evaluable off-chain in the Worker itself for latency-sensitive paths; the on-chain check remains the authoritative gate.

Compliance officer: this is the code-enforced KYA-2 (Authorization) checkpoint — delegation verification and capability-envelope evaluation are a single authorization decision. C5 Licensing attaches where the agent operates on behalf of a licensed entity (MTL, NYDFS BitLicense, OCC National Trust charter); the envelope must encode the licensee's permitted product scope and geographic restrictions.

Honesty marker: GENIUS §6 attribution to the principal depends on this step passing. A payment that bypasses the capability envelope cannot be cleanly attributed to the principal's BSA program — the principal's compliance posture only extends to in-envelope agent activity. Out-of-envelope transactions create attribution ambiguity that compliance programs need to resolve case-by-case, which is an unsolved structural surface in agentic commerce as of early 2026.
Active Compliance Checkpoints
C2BSA/AML/OFAC program for PPSIs — Treasury coordinated rulemaking (pending) — GENIUS Act §10; Public Law 119-27
C8Payment-stablecoin issuance by a PPSI is excluded from federal securities and commodities law — Securities Act §2(a)(1), Exchange Act §3(a)(10), ICA §2(a)(36), IAA §202(a)(18), CEA §1a(9) — GENIUS Act §17; Public Law 119-27
C3AML program — policies/procedures, compliance officer, training, independent testing, CDD — 31 C.F.R. § 1022.210; 31 U.S.C. § 5318(h)
C3314(a) response protocol — 14-day search window; 314(b) voluntary sharing with safe harbor — USA PATRIOT Act §314; 31 C.F.R. §§ 1010.520, 1010.540
C2OFAC SDN List screening — name, alias, address, and (where published) cryptocurrency-address fields. Real-time screening on originator, beneficiary, intermediaries. — 50 U.S.C. § 1702; 31 C.F.R. § 594.201
C2Iran-program screening (Iranian government, Iranian financial institutions, Iran-nexus counterparties) — 31 C.F.R. Part 560; E.O. 13599
C2DPRK / Lazarus-Group cluster-address screening (on-chain analytics + OFAC list) — 31 C.F.R. Part 510; E.O. 13722
C2Russia-program screening — blocked banks, oligarch networks, Treasury-OFAC cryptocurrency-address designations — E.O. 14024; 31 C.F.R. Parts 587, 589
C2Five-pillar sanctions compliance program tailored to virtual currency operations — OFAC Virtual Currency Guidance (2021-10-15)
C14Reg E coverage determination — consumer asset account at financial institution (fiat leg) — 12 C.F.R. § 1005.3
C14Pre-auth written authorization; 3-BD stop-payment right; 10-day advance notice for varying amounts — 12 C.F.R. § 1005.10
C9Possession-or-control custody for tokenized securities; segregation of customer cash — 17 C.F.R. § 240.15c3-3; SEC Div. Trading & Markets Staff Statement (2025-12-11)
C9Qualified-custodian custody + client statements + annual independent surprise exam — 17 C.F.R. § 275.206(4)-2
C8Tokenized-securities framework — traditional securities-law rules apply to tokenized form — SEC Div. Trading & Markets Staff Statement (2025-12-11)
C8Form ATS registration + broker-dealer status for venues facilitating tokenized-security matching — 17 C.F.R. §§ 242.300–242.304
C828-day actual-delivery test for margined retail digital-commodity transactions — CEA §2(c)(2)(D); 7 U.S.C. § 2(c)(2)(D)
C8DCO registration + 17 CFR Part 39 core principles compliance — CEA §5b; 17 C.F.R. Part 39
C9Pilot collateral custody, valuation, and risk-management conditions for BTC/ETH/USDC margin — CFTC Press Release 9146-25 (2025-11-03)
C13CEA §6(c)(1) anti-fraud / anti-manipulation authority over spot digital-commodity markets — CEA §6(c)(1); 17 C.F.R. § 180.1
C14Pre-transaction disclosure + post-transaction receipt + error-resolution rights — MTMA §501
C3Full FATF AML/CFT program obligations (R.10–R.21) applied to VASPs — FATF R.15 IN ¶4
C1VASP CDD at onboarding + ongoing — identity verification, beneficial ownership, business relationship purpose — FATF R.10 via R.15 IN ¶4; 2021 Guidance ¶¶36–45
C3Suspicious-transaction reporting to member-jurisdiction FIU (BSA SAR, EU FIU, MAS STR, etc.) — FATF R.20 via R.15 IN ¶4
C8DeFi arrangement VASP-status analysis — control/influence test; 'sufficiently decentralized' is not per se exempt — FATF 2021 Guidance ¶¶67–70
C2Targeted financial sanctions for proliferation financing — immediate freezing, no-dealings, designated-list screening — FATF R.7; R.15 IN ¶9
C8Functional, activity-based regulation across all GSC functions (issuance, transfer, custody, reserve, validation, governance) — FSB HLR 2
C8Cross-border supervisory cooperation; supervisory colleges for globally systemic GSCs — FSB HLR 3
C9Integrated risk-management framework — reserve management, operational resilience, AML/CFT, fit-and-proper — FSB HLR 5
C9Internationally active bank — all cryptoasset exposures covered (direct + indirect, banking + trading book) — BCBS SCO60.1–SCO60.3
C9Permissionless-DLT risk mitigation — contractual/technical/supervisory controls + higher infrastructure add-on — BCBS SCO60.95–SCO60.99 (2024)
Counterparty
ACK-ID delegation verifier + capability policy engine
Latency
<500ms · on-chain + Worker evaluation
Finality
Pre-condition gate — blocks if scope exceeded or delegation stale
Vendors
Catena Labs ACK-ID (delegation verifier) · ACK Rulebook (capability policy schema) · Cloudflare Workers (off-chain envelope evaluation)
Chain
Base (Coinbase (sole sequencer operator at launch; decentralization on roadmap))
L5 APPLICATIONL4 ACCOUNTL3 EXECUTIONL2 CONSENSUSL1 NETWORKBASE
L3 EXECUTIONUSDC ERC-20 contract — EIP-3009 transferWithAuthorization atomic settlement
L2 CONSENSUSBase consensus — single-block confirmation for amounts under institutional thresholds
L1 NETWORKBase network — L2 settlement anchored to Ethereum L1
◆ Enforcement Line — code-enforced at this layer

Step 4 · Atomic x402 Settlement on BaseCode-Enforced

"The beneficiary's credit-to-account event — authorization obtained, list checks passed, funds credit irrevocably to the merchant inside the settlement window."

The x402 payment fires atomically on Base. The agent signs an EIP-3009 `transferWithAuthorization` typed-data message committing to the amount, merchant address, and a single-use nonce; the merchant's contract relays the signed message to USDC's ERC-20 contract, which transfers the funds in a single settlement call. The full stack below the enforcement line (L1 Network, L2 Consensus, L3 Execution) processes the transfer in one Base block (~2s).

Builder: the Worker returns the signed authorization in the `X-Payment` HTTP header; the merchant's resource server calls `ERC20.transferWithAuthorization(from, to, value, validAfter, validBefore, nonce, v, r, s)` and serves the paid resource once the transfer mines. Base settlement finality is strong at one block for amounts under institutional thresholds; Coinbase recommends two-block confirmation for x402 flows above $10K.

Compliance officer: GENIUS §4 reserve-backing obligations apply to the USDC in transit — Circle must maintain 1:1 reserves in USD or short-term Treasuries for every token transferred. Recordkeeping (C11) attaches to the block's transaction hash, which becomes the anchoring reference for the downstream receipt.

Honesty marker: No account relationship is created between agent and merchant. The HTTP 402 flow is intentionally headless, which simplifies the merchant's compliance footprint (no customer data to protect under C14) but also means no relationship-based continuity for repeat Travel Rule screening. Each x402 transaction is a discrete event from the merchant's perspective; the agent's identity continuity sits at the principal level via the ACK-ID delegation chain, not at the merchant-relationship level.
Thresholds Triggered
travel-rule≥ 3,000 USD — 31 C.F.R. § 1010.410(f) — Funds Transfer Recordkeeping / Travel Rule
travel-rule-cross-border≥ 1,000 USD — FATF R.16 Interpretive Note ¶5 — USD/EUR 1,000 cross-border wire-transfer threshold
travel-rule-international≥ 1,000 USD — FATF R.16 Interpretive Note ¶7(b) — USD/EUR 1,000 virtual-asset threshold
Counterparty
Merchant resource contract (x402 endpoint on Base)
Latency
~2s · single Base block
Finality
Final on Base block confirmation (two-block recommended above $10K)
Vendors
USDC (Circle) · EIP-3009 transferWithAuthorization · Base (Coinbase L2) · x402 protocol (HTTP 402 response convention)
Chain
Base (Coinbase (sole sequencer operator at launch; decentralization on roadmap))
L5 APPLICATIONL4 ACCOUNTL3 EXECUTIONL2 CONSENSUSL1 NETWORKBASE
L5 APPLICATIONCloudflare R2 receipt store + public `GET /receipts/:id` verifier endpoint
L4 ACCOUNTW3C Verifiable Credential receipt (X402Receipt) — agent DID + merchant DID + tx hash binding
◆ Enforcement Line — code-enforced at this layer

Step 5 · Verifiable Receipt + Audit Trail (Cloudflare R2)Code-EnforcedINGESTDETECTALERT

"The merchant's daily settlement file plus the bank's Reg E recordkeeping bundle — one artifact for the counterparty, one for the examiner, cryptographically linked to the underlying transfer."

The Cloudflare Worker issues a W3C Verifiable Credential receipt (type `X402Receipt` or `ACKReceipt`) binding the agent's DID, the merchant's DID, the amount, the Base transaction hash, and the compliance screening results from Step 2. The VC is signed with the Worker's receipt-signing key (held as a Cloudflare Secret binding), written to Cloudflare R2 under a key derived from the transaction hash, and the R2 object key is indexed in Workers KV as the audit-log entry.

Builder: a public `GET /receipts/:id` endpoint returns the VC for independent verification — any third party can cryptographically verify the receipt's issuer, non-revocation, and claims without access to Cloudflare infrastructure. Receipts are indexed by tx-hash and queryable via the public verifier endpoint; see `src/workers/x402-middleware.ts` for the canonical schema and the KV/D1/R2 binding declarations.

Compliance officer: satisfies C7 (Travel Rule originator/beneficiary data if the transfer crossed $3,000), C11 (recordkeeping under GENIUS §6 and §4(c) books-and-records), and C12 (independent audit trail for the monthly reserve attestation under §4(b)). The verifiable receipt is the artifact an examiner subpoenas — cryptographically linked to the on-chain transfer, independently verifiable, stored in durable object storage.

Honesty marker: R2 is durable object storage, not a regulated recordkeeping service. Jurisdictions with WORM-storage requirements (FINRA Rule 4511, SEC 17a-4(f)) require additional compliance-grade storage layered on top of the R2 receipts. Cloudflare R2 plus the public verifier endpoint provides cryptographic auditability, but does not by itself satisfy regulator requirements for write-once-read-many evidentiary preservation.
Active Compliance Checkpoints
C2BSA/AML/OFAC program for PPSIs — Treasury coordinated rulemaking (pending) — GENIUS Act §10; Public Law 119-27
C8Payment-stablecoin issuance by a PPSI is excluded from federal securities and commodities law — Securities Act §2(a)(1), Exchange Act §3(a)(10), ICA §2(a)(36), IAA §202(a)(18), CEA §1a(9) — GENIUS Act §17; Public Law 119-27
C3AML program — policies/procedures, compliance officer, training, independent testing, CDD — 31 C.F.R. § 1022.210; 31 U.S.C. § 5318(h)
C11SAR filing via BSA E-Filing — 30-day deadline (60-day extension for identifying suspect) — 31 C.F.R. § 1010.320
C7Originator/beneficiary information transmission (IVMS-101 via Notabene, Chainalysis Connect, Sumsub, TRP, etc.) — 31 C.F.R. § 1010.410(f); FinCEN 2019 CVC Guidance FIN-2019-G001
C3314(a) response protocol — 14-day search window; 314(b) voluntary sharing with safe harbor — USA PATRIOT Act §314; 31 C.F.R. §§ 1010.520, 1010.540
C2OFAC SDN List screening — name, alias, address, and (where published) cryptocurrency-address fields. Real-time screening on originator, beneficiary, intermediaries. — 50 U.S.C. § 1702; 31 C.F.R. § 594.201
C2Iran-program screening (Iranian government, Iranian financial institutions, Iran-nexus counterparties) — 31 C.F.R. Part 560; E.O. 13599
C2DPRK / Lazarus-Group cluster-address screening (on-chain analytics + OFAC list) — 31 C.F.R. Part 510; E.O. 13722
C2Russia-program screening — blocked banks, oligarch networks, Treasury-OFAC cryptocurrency-address designations — E.O. 14024; 31 C.F.R. Parts 587, 589
C2Five-pillar sanctions compliance program tailored to virtual currency operations — OFAC Virtual Currency Guidance (2021-10-15)
C11Blocked-property reporting — initial 10-business-day filing; annual filing by Sept 30 (ORS / TD F 90-22.50) — 31 C.F.R. §§ 501.603, 501.604
C14Reg E coverage determination — consumer asset account at financial institution (fiat leg) — 12 C.F.R. § 1005.3
C1460-day dispute window; 10-BD investigation (or 45-day with provisional credit); 20/90-BD for new accounts — 12 C.F.R. § 1005.11
C14Unauthorized-transfer liability cap — $50 / $500 / unlimited tiers based on reporting timeliness — 12 C.F.R. § 1005.6
C11Monthly statement (if EFT in cycle); quarterly otherwise — with transaction detail and error-notice address — 12 C.F.R. § 1005.9
C11Crypto custody accounting per ASC 450/460 probable-outflow analysis (SAB 122, post-SAB-121 rescission) — SEC SAB 122 (2025-01-23)
C11Form 1099-DA gross-proceeds reporting (per-transaction or aggregated per IRS instructions) — 26 C.F.R. § 1.6045-1(d)
C11Form 1099-DA basis and holding-period reporting for covered digital-asset securities — 26 C.F.R. § 1.6045-1(d)(2)
C11Transfer statement between brokers — acquisition date, basis, holding period — 26 C.F.R. § 1.6045A-1; IRC §6045A
C11January-31 customer payee statement (Form 1099-DA customer copy) — IRC §6045(b); 26 C.F.R. § 1.6045-1(k)
C9Permissible-investments coverage of outstanding obligations; virtual-currency obligations held in like-kind (MTMA §§ 103(d), 303) — MTMA §§ 103, 303
C11Risk-based state examination cycle + Multi-State MSB Examination coordination — MTMA §404; Multi-State MSB Examination Program
C3Full FATF AML/CFT program obligations (R.10–R.21) applied to VASPs — FATF R.15 IN ¶4
C115-year retention of VA transaction records, CDD documents, account files — reconstruction-quality detail — FATF R.11 via R.15 IN ¶4
C3Suspicious-transaction reporting to member-jurisdiction FIU (BSA SAR, EU FIU, MAS STR, etc.) — FATF R.20 via R.15 IN ¶4
C7Risk-based unhosted-wallet screening — counterparty attribution (blockchain analytics), risk-flag monitoring, jurisdiction-specific enhanced measures — FATF 2021 Updated Guidance ¶¶184–197
C2Targeted financial sanctions for proliferation financing — immediate freezing, no-dealings, designated-list screening — FATF R.7; R.15 IN ¶9
C7Originator + beneficiary information transmission in cross-border wire transfers — FATF R.16 (2012 Standards)
C7Originator-FI information sufficiency check; no-execute if required info missing; 5-year record retention — FATF R.16 IN ¶¶5–6
C7Beneficiary-FI information-sufficiency check; risk-based execute/reject/suspend; STR if suspect — FATF R.16 IN ¶7
C7VASP-to-VASP originator/beneficiary information (IVMS-101 via Notabene, TRP, Sumsub, Chainalysis Connect, etc.) — FATF R.16 IN ¶7(b); FinCEN 2019 CVC Guidance FIN-2019-G001
C7Unhosted-wallet risk-based CDD — ownership proof where practicable, transaction limits, enhanced monitoring — FATF 2021 Updated Guidance ¶¶195–203
C8Functional, activity-based regulation across all GSC functions (issuance, transfer, custody, reserve, validation, governance) — FSB HLR 2
C8Cross-border supervisory cooperation; supervisory colleges for globally systemic GSCs — FSB HLR 3
C9Integrated risk-management framework — reserve management, operational resilience, AML/CFT, fit-and-proper — FSB HLR 5
C11Data-access architecture for supervisors — cross-border access, data-protection compatibility — FSB HLR 6
C9Recovery plan + resolution plan with critical-functions continuity; tested and reviewed regularly — FSB HLR 7
C11User and stakeholder disclosures — governance, redemption, reserve, stabilisation, third parties, risks — FSB HLR 8
C9Robust legal claim; at-par redemption commitment; prudential requirements commensurate with stabilisation promise — FSB HLR 9
C9Internationally active bank — all cryptoasset exposures covered (direct + indirect, banking + trading book) — BCBS SCO60.1–SCO60.3
C9Group 1a classification test — four conditions; capital treatment = underlying traditional asset treatment — BCBS SCO60.12–SCO60.15
C9Group 1b classification — redemption-risk test PASS + basis-risk test PASS; algorithmic designs excluded — BCBS SCO60.16–SCO60.18
C9Redemption-risk test — sufficient high-quality short-duration reserves, daily at-par redemption, monthly third-party verification — BCBS SCO60.19–SCO60.25 (2024 revised)
C9Basis-risk test — secondary-market price tracks peg within 10 bps, ≤ 3 breaches in past year — BCBS SCO60.26–SCO60.30
C9Infrastructure risk add-on — 0% default, supervisor may activate up to 2.5% RW add-on; higher for permissionless DLT — BCBS SCO60.92–SCO60.94
C9Group 2a classification — liquidity + observable prices + short capability; modified market-risk framework with hedge recognition — BCBS SCO60.60–SCO60.68
C9Group 2b — 1,250% RWA (dollar-for-dollar capital); greater of long/short, no cross-position netting — BCBS SCO60.70–SCO60.75
C9Group 2 exposure cap — 1% Tier 1 (penalty zone to 2%, breach above); full 2b treatment if 1–2%; supervisory action above 2% — BCBS SCO60.80–SCO60.85
C9Permissionless-DLT risk mitigation — contractual/technical/supervisory controls + higher infrastructure add-on — BCBS SCO60.95–SCO60.99 (2024)
C11Pillar 3 / DIS55 quantitative + qualitative disclosure — group classification, capital, Group 2 ratio, framework — BCBS DIS55
Thresholds Triggered
CTR≥ 10,000 USD — 31 C.F.R. § 1010.311 — Currency Transaction Report
Counterparty
Cloudflare R2 receipt store + public verifier endpoint
Latency
<1s · receipt write is non-blocking after settlement
Finality
Final · receipt issued and indexed for audit
Vendors
Cloudflare R2 (durable object storage) · Cloudflare KV (audit log index) · W3C Verifiable Credentials (X402Receipt schema) · Cloudflare Workers (receipt signing — Secret binding)
Chain
Base (Coinbase (sole sequencer operator at launch; decentralization on roadmap))

Resolved 5 steps across 1 chain(s). 5 threshold(s) triggered. Frameworks: Common Reporting Standard / FATCA.

Coverage notes: 5 disclosed gap(s).

KYA gateway · internal phases

The six phases inside the gateway.

These are the KYA gateway's internal phases, positioned within the broader eight-station STP lifecycle above. Two are one-time; four happen per transaction. Each leaves a signed artifact; missing any one is treated as a hard fail.

01 · one-time
register
Operator binds principal to keys
KYC, jurisdiction posture, scope template, treasury account
operator
02 · per-agent
mint
Capability delegation
Scoped VC with caps, MCC, TTL — re-issued ahead of expiry
operator → agent
03 · per-tx
intent
Agent quotes an intent
Counterparty, amount, MCC, deadline — signed and idempotent
agent
04 · ~120ms
verify
Gateway runs KYA-1…5
Parallel checks; warn flags raise but do not block by default
gateway
05 · on-rail
settle
Stablecoin movement
Atomic burn-mint or PvP — final, no chargeback window
rail · issuer
06 · permanent
receipt
Co-signed inclusion
Merkleized event log, 15y WORM retention, public root
gateway · rail · issuer
Failure mode
Any checkpoint can refuse. The gateway refunds the reserve lock and emits a signed denial — never a silent drop.
p50
142ms
p99
410ms
fail-open
none
audit
mandatory
The five checkpoints

What the gateway actually checks.

Each checkpoint is a small, single-purpose proof. None of them is novel on its own — the value is in the bundle and in the fact that any one of them can fail loudly without breaking the others.

KYA-1Identity

An agent must be provably itself.

Every agent presents a verifiable credential bound to a key it controls. The issuer is a registered entity; the key is rotatable but not transferrable. No anonymous senders, no replay.

Identity is the cheapest check and the one without which nothing else means anything. KYA-1 fails closed.

Reference vendors
PrivadoSpruceTrinsicAnchor

Agent presents a credential W3C-VC 2.0

Signed VC from a registered issuer

awaiting
agent.diddid:web:agent.acme.ai
agent.leilei:5493001KJTIIGC8Y1R12
issuerdid:key:z6Mki…Stellar Foundation
key.algEd25519
key.kided25519:7CqB…F4dN
issued2026-04-12T08:21Z
expires2027-04-12T08:21Z 11mo

Verification pipeline

Deterministic, replayable

1
Fetch DID document
did:web:agent.acme.ai
2
Resolve public key
ed25519:7CqB…F4dN
3
Verify Ed25519 signature
sig:0xa9c2…b7e1
4
Check key non-revocation
crl: 0 entries
DID or LEI

KYA-1 accepts either a Decentralized Identifier (W3C DID) or a Legal Entity Identifier (ISO 17442 LEI / GLEIF vLEI) as the principal-binding primitive. The vLEI is the regulator-recognized shape at the OCC trust-bank tier; the DID is the developer-native shape for agent identity. KYA binds the agent to either.

KYA-2Authorization

The agent must act on behalf of someone real.

A capability chain runs from a registered principal down to the session key. Scopes can narrow at every link but never widen. Revoke the parent and every child stops in seconds.

Authorization is what makes the agent answerable — and what makes velocity caps, MCC restrictions, and time bounds enforceable upstream of the rail.

Reference vendors
Stytch · M2MAuth0 · FGAWorkOS · VaultPermit.io

Delegation chain ZCAP-LD

Each link is a signed attestation. Scope can only narrow.

3-of-3 valid
Granted scopes
payment.execute.<=$2kpayment.merchant.MCC:5411,5812session.ttl<=1h
Each capability is a verifiable credential. Revocations propagate via short-TTL discovery (≤5min).
KYA-3Solvency

Funds must be reservable, not just present.

The issuer signs a balance-lock for the duration of the intent. The agent cannot double-spend a reserve; the counterparty knows the money exists before it lifts a finger.

Stablecoins make solvency a first-class primitive. KYA-3 is the layer that converts a balance read into a contract.

Reference vendors
Circle MintBridgeAnchorageBitGo

Reserve attestation USDC · Stellar

Custody-signed proof of allocatable balance

sufficient
Vault
$14,320.55
reserved available
Pending intent
$842.00
Slide to test reserve sufficiency
Headroom
+$3678.55
Issuer commits a 5.9% lock for the duration of the intent.
circulating
$1.83B
issuer reserves
lock TTL
90s
auto-release
settle p99
4.1s
last 7d
chargeback
final settlement
KYA-4Compliance

Policy is code, evaluated at intent-time.

Sanctions, jurisdiction, MCC allow-lists, counterparty risk, velocity caps. Every rule is a deterministic predicate the operator can read, version, and override. The result is a signed policy decision, not a hunch.

Compliance is where most real-world deployments die. KYA-4 makes the policy surface auditable and the failure modes legible.

Reference vendors
ChainalysisTRMEllipticComplyAdvantage

Policy matrix OPA · Rego

Evaluated at intent-time. Decisions are signed and archived.

1 advisory
Operator sanctions screening
last sync 14m ago
OFAC SDN · EU CFSP · UN
pass
Operator jurisdiction policy
matches policy P-04
Acme — incorporated DE/US
pass
Merchant MCC allow-list
agent scope ✓
MCC 5411 (Grocery)
pass
Velocity (24h aggregate)
37% of cap
$1,840 / $5,000
warn
Geographic anomaly
no flag
origin: us-east-1
pass
Counterparty AML score
tier: trusted
Chainalysis — score 4
pass
Advisory · velocity

Agent has used 37% of its rolling 24h cap. Approved, but flagged for the operator's evening review queue. Configurable in policy/velocity.rego.

KYA-5Audit

Every event leaves a tamper-evident trace.

Intent, verification, settle, and receipt are co-signed by issuer, gateway, and counterparty, then appended to a public inclusion log. A 15-year retention guarantee makes the operator's job — and the regulator's — tractable.

Audit is what lets a CFO trust an autonomous purchaser, and what lets a regulator sleep at night. Without it, the rest is theatre.

Reference vendors
SigsumAWS QLDBTesserain-house

Tamper-evident receipt Merkle log

Merkleized event log · signed by issuer, gateway, and counterparty

root verified
08:42:01.214intent.createdagent0x9f2…b1
08:42:01.302identity.verifiedgw0x4a7…c3
08:42:01.388auth.delegatedgw0x82c…d4
08:42:01.451solvency.attestedissuer0x1d3…e5
08:42:01.612policy.evaluatedgw0xc06…f2
08:42:01.840settle.executedrail0x57e…a1
08:42:01.847receipt.signedgw0xaf9…00
Merkle root
0x7ad4 91b2 c0f8 e314 88a9 5e21 6b7c d3fa
p50
~140ms
intent → receipt
issuer · gw · rail
3-party
co-signatures
on inclusion log
15y
WORM retention
Audit — KYA-5 artifact

The proof an examiner can read.

KYA-5 is not a log line — it is an exportable bundle. From one x402 receipt, the examiner-export layer emits an OFAC sanctions-screening trace and a FinCEN SAR-format narrative, keyed to agent identity, with every obligation citing the rule it implements. The artifact neither Circle's Agent Stack nor Catena's ACK stack produces today.

examiner bundlePASS · auto-approved

A compliant agentic USDC payment, exported from a single x402 receipt. Seven obligations mapped to KYA-1…5, each citing the rule it implements.

31 CFR 501 · 1010.320 SAR · 1010.430 records · §314(a) 1010.520 · NCCoE Pillar 4 → open ↗
examiner bundleBLOCK · SAR required

The reject branch: a retroactive OFAC designation. The export re-screen diverges from the edge result and the SAR narrative path engages.

31 CFR 501 · 1010.320 SAR · 1010.430 records · §314(a) 1010.520 · NCCoE Pillar 4 → open ↗

Live mode reads the real Arc testnet transaction and Circle's Compliance Engine; where a credential is absent the bundle runs degraded and says so — provenance and degradation are recorded, not hidden. The honesty is the point.

Protocol landscape

Where KYA fits among agent-payment protocols.

KYA is a credential layer, not a payment rail. These maps place it against the agent-payment protocols it sits beside — ACK and x402, CCTP cross-chain settlement, and the AP2 × ACP convergence.

KYA supplies the credential layer that ACK and x402 both assume but neither defines: who the agent is, who it acts for, and within what envelope. ACK wraps x402 rather than competing with it; KYA is the proof bundle each presents at the boundary.

0Intent1Identity2Discovery3Negotiation4Transport5Authorization6Facilitation7FinalityIntentIdentityDiscoveryNegotiationTransportAuthorizationFacilitationFinalityACKx402SharedComplementaryDelegatesSource: agentcommercekit.com · x402.org

When value moves cross-chain via CCTP and x402, the KYA verdict travels with the intent — identity and authorization are resolved once, before burn, and the receipt is co-signed across the bridge.

0Intent1Identity2Discovery3Negotiation4Transport5Authorization6Facilitation7FinalityIntentIdentityDiscoveryNegotiationTransportAuthorizationFacilitationFinalityCCTPx402SharedComplementaryEnablesSource: circle.com/cctp · x402.org

Google's AP2 and the ACP agent-commerce protocol converge on the same need for a portable principal credential. KYA is the shape that satisfies both — the same five checkpoints, surfaced to either protocol's mandate model.

0Intent1Identity2Discovery3Negotiation4Transport5Authorization6Facilitation7FinalityIntentIdentityDiscoveryNegotiationTransportAuthorizationFacilitationFinalityAP2ACPSharedComplementaryCompetingSource: developers.google.com/pay/agents · openai.com/acp
Vendor map

Who supplies which surface.

A non-exhaustive list of vendors that already implement pieces of this stack, mapped to the checkpoint they serve. Substitutability is the goal; no single vendor needs to be load-bearing.

14 of 14
VendorSurfaceCheckpointsStatusNotes
PRPrivado IDAKYA-1productionW3C VC issuance · DID resolution
SPSpruceAKYA-1productionVerifiable credential tooling
STStytch M2MABKYA-2productionOAuth client credentials + capability tokens
AUAuth0 FGABKYA-2productionFine-grained relation graph for scopes
WOWorkOS VaultBKYA-2productionSecrets + key custody for operators
CICircle MintAKYA-3productionUSDC issuance · reserve attestation
BRBridgeAKYA-3productionStablecoin orchestration · multi-rail
ANAnchorageAKYA-3productionCustody · settled balances
CHChainalysisBKYA-4productionAML scoring · sanctions screening
TRTRM LabsBKYA-4productionReal-time risk · counterparty graph
COComplyAdvantageBKYA-4productionSanctions, PEP, adverse media
SISigsumBKYA-5betaTransparency log · cosigning
AWAWS QLDBBKYA-5productionAppend-only ledger for receipts
KYKYA ReferenceABKYA-1KYA-2KYA-3KYA-4KYA-5alphaOpen-source reference gateway
Operator console — surface B

A working preview of the dashboard the operator sees.

The operator's surface is deliberately small. Fleets, caps, advisories, receipts. Anything more is a footgun.

operator.kya.dev/acme
live
Acme Robotics
Production
24h spend
$35,942
36% of $99k cap
Overview

Active fleets

fleet-procurement-7
14 agents online · last receipt 2m ago
healthy
$1,840/ $5,000
37%
fleet-customer-support
38 agents online · last receipt 2m ago
healthy
$412/ $2,000
21%
fleet-trading-experimental
3 agents online · last receipt 2m ago
warn
$11,210/ $12,000
93%
fleet-vendor-payouts-eu
6 agents online · last receipt 2m ago
healthy
$22,480/ $80,000
28%
Recent advisory
fleet-trading-experimental — velocity 93%
Auto-reviewed at 19:42 · approved, 1 of 3 caps remaining
warn
Throughput · last 1h
1,284 receipts · 100% verified
p50 138ms · p99 402ms · 0 denials
healthy
Install — surface C

Connect the KYA tools to your agent in one paste.

StableKYA ships as a remote MCP server. Add the block below to your Claude Desktop or Cursor config, restart, and the four tools appear in your agent's toolbelt — backed by the same engine as the callable gateway above.

Endpoint
streamable httphttps://mcp.stablekya.com/mcp
ssehttps://mcp.stablekya.com/sse
claude desktop · cursormcpServers config
json · mcp config
{
  "mcpServers": {
    "stablekya": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "https://mcp.stablekya.com/sse"]
    }
  }
}

Four tools MCP

Available the moment the server connects

screen_agentBoolean go/no-go on (agent, context).
attest_agentIssue a signed agent Verifiable Credential.
attest_mandateIssue a signed mandate VC over an AP2 chain.
lookup_reputationRead-only behavior aggregate for an agent.
Tools sign with the same Ed25519 issuance key as the gateway. Receipts are externally verifiable against the published key at did:web:stablekya.com (JWKS). Off-chain knowledge lane — assess + attest, never custody or settle.
Privacy bridge

Compliance, without disclosure.

Most KYA checks can be answered with a yes-or-no: is this operator KYC'd? is this counterparty unsanctioned? is the agent within scope? KYA bundles a ZK-friendly proof format so the gateway can answer truthfully without leaking the underlying record.

Proof envelope
claimoperator.is_kyc
claimoperator.jurisdiction ∈ {US,EU,UK,SG}
claimcounterparty.aml_score < 10
claimagent.spend_24h < 5000 USDC
claimmerchant.mcc ∈ allowlist
Zero records of operator name, address, EIN, MCC trace leave the operator's jurisdiction. Only the proof.
StableKYA · An independent, citation-disciplined reference layer for agent-payment compliance. · Provenance · Contact