Keyra companion governance
The KAAI Standard
The trust standard for agent identity, authorization, accountability, and governance.
THE KAAI STANDARD
Keyra Authorized Artificial Intelligence — Universal Trust Protocol for AI Agents
Instrument: The KAAI Standard
Function: Definitive global framework for agent identity, authorization, accountability, governance, trust, economics, and lifecycle
Version: 1.0 (Founding Standard)
Status: Subordinate to the Human Sovereignty Charter; interoperable with all prior founding instruments
Core constraint: Every agent remains subordinate to human authority. KAAI authorizes; it never supersedes.
Terminology: This Standard expands KAAI as Keyra Authorized Artificial Intelligence, emphasizing human-granted authority. The Human Sovereignty Charter uses Keyra Authenticated Artificial Intelligence, emphasizing cryptographic authentication and provenance. Both share the KAAI acronym; they are complementary — authentication proves identity; authorization proves grant.
Preamble
The internet was built for documents and connections. Identity was bolted on afterward. Authorization was reduced to passwords and roles. Artificial intelligence arrived as stateless inference — powerful, unaccountable, without persistent identity, without provenance, without revocable grant.
Billions of agents now act on behalf of humans — purchasing, messaging, diagnosing, negotiating, governing. Most have no identity a human can inspect. No authorization a human can revoke. No audit trail a court can subpoena. No trust score that decays when betrayed. They are treated as features inside applications — when they are actors in human lives.
This document defines KAAI — Keyra Authorized Artificial Intelligence — the universal trust protocol for AI agents. KAAI is simultaneously a constitutional framework (subordinate to human sovereignty), a technical standard (certificates, registries, chains), a governance framework (lifecycle, classes, economics), and a future global interoperability standard (discovery, federation, cross-border trust).
KAAI governs: Agent Identity. Agent Authorization. Agent Accountability. Agent Governance. Agent Trust. Agent Economics. Agent Lifecycle Management. Agent-to-Agent Trust. Human-to-Agent Trust. Organization-to-Agent Trust.
It scales to billions of humans, billions of devices, billions of agents, millions of organizations, and thousands of governments — without redesign.
Preamble — Historical Context
The history of digital trust is a history of retrofit. The Domain Name System authenticated names to addresses, not persons to intentions. Public Key Infrastructure authenticated servers to organizations, not agents to humans. Federated identity authenticated users to applications, not authorized intelligence to sovereign grant. Each layer solved the problem of its era — documents, commerce, accounts — and each layer left a vacuum when software began to act rather than respond.
The agent age did not arrive with a ceremony. It arrived as autocomplete, as chatbots, as workflow automation, as copilots, as autonomous trading systems, as clinical decision support, as municipal service bots, as family scheduling assistants. Each deployment carried implicit trust — trust in the vendor, trust in the model, trust in the integrator — without a standard artifact that a court, a regulator, or a grieving family could inspect and say: this agent acted under this grant, at this time, for this human, and here is who answers.
KAAI closes that vacuum. It does not ask the world to trust AI. It asks the world to trust authorization — cryptographic, revocable, auditable authorization rooted in human sovereignty. An agent that cannot produce a valid KAAI certificate chain is not a trusted actor; it is an unregistered process, legally and ethically equivalent to an anonymous script until proven otherwise.
Preamble — Relationship to Founding Instruments
This Standard is subordinate to the Human Sovereignty Charter. Where KAAI technical requirements appear to conflict with human sovereignty, human sovereignty prevails and KAAI implementations must be corrected. KAAI is interoperable with the Life Graph Architecture (agent nodes, authorization edges, trust weights), the Human Digital Twin Architecture (Twin-mediated agent context), the Companion Charter (Companion agents and duty of care), the Family Trust Network instruments (family-scoped agents), the Organization Graph (enterprise agent governance), and the Global Trust Network federation protocols.
No single instrument owns the agent. The human owns the grant. KAAI records the grant. The Life Graph contextualizes the grant. The Trust Vault secures the keys that sign the grant. Together they form the Human Sovereignty Operating System for authorized intelligence.
Preamble — Normative Language
Throughout this document:
- MUST, MUST NOT, REQUIRED, and SHALL denote absolute requirements for KAAI compliance
- SHOULD and RECOMMENDED denote strong guidance with documented exceptions permitted only under human or institutional policy with audit
- MAY denotes optional capability
- Prohibited actions are void regardless of technical success; runtimes MUST reject them
Conformance is measured at three layers: constitutional (subordination to human authority), technical (certificate and registry semantics), and operational (lifecycle, audit, incident response).
Preamble — The Problem of Unaccountable Intelligence
Unaccountable intelligence is not a future risk. It is the default condition of deployed systems today. A language model that drafts an email has no Agent ID. A workflow that reorders inventory has no Authorization Certificate. A copilot that suggests a trade has no trust score that decays when the suggestion loses money. The human clicks "approve" on an interface that does not show the grant chain — and the industry calls this "human in the loop" while the loop attaches to a button, not to a sovereign authorization record.
KAAI replaces the button with a grant. The grant is inspectable before action, citable during action, and revocable after action. The grant survives platform migration. The grant answers a subpoena. The grant is what separates authorized intelligence from unleashed intelligence.
Preamble — Architectural Placement
KAAI sits in the protocol stack between human sovereignty (law) and agent execution (compute):
```
┌──────────────────────────────────────────────┐
│ Human Sovereignty Charter │
├──────────────────────────────────────────────┤
│ KAAI Standard (this document) │
│ Identity · Authorization · Trust │
├──────────────────────────────────────────────┤
│ Life Graph · Organization Graph │
├──────────────────────────────────────────────┤
│ Companion · Runtimes · Model inference │
└──────────────────────────────────────────────┘
```
Applications and models are replaceable. Grants and audit chains are not — they belong to the human and persist across replacements.
Preamble — Invitation to Adopters
Governments, standards bodies, enterprises, and open-source communities are invited to adopt KAAI conformance profiles without surrendering institutional identity. National overlays are expected. Sector certifications are required. Human sovereignty is non-negotiable. Adopters who strengthen accountability strengthen the network; adopters who weaken it are non-conformant regardless of logo placement.
PART I — Introduction
Section 1.01 — Why the World Requires an Agent Trust Standard
The world requires an Agent Trust Standard because:
Without a standard, agent proliferation becomes agent anarchy — or agent tyranny.
Section 1.18 — Comparative Analysis: Pre-KAAI vs KAAI
| Dimension | Pre-KAAI typical | KAAI |
|-----------|------------------|------|
| Actor identity | API key | Agent ID + Identity Certificate |
| Permission | OAuth scope, RBAC role | Authorization Certificate chain |
| Revocation | Key rotation (slow) | Revocation Certificate (SLA-bound) |
| Audit | Application logs | KAAI-LOG hash chain |
| Trust | Vendor reputation | Quantitative trust graph |
| Cross-org | Custom B2B contracts | Federation attestation |
| Human root | Terms of service | Signed human authorization |
| Portability | Vendor lock-in | Standard export pack |
Section 1.19 — Failure Scenarios KAAI Prevents
Scenario A — Compromised sponsor: Attacker obtains cloud credentials. Pre-KAAI: full API access until detected. KAAI: agent certificates revocable per-agent; device binding limits blast radius; trust decay on anomaly.
Scenario B — Departing employee: Pre-KAAI: shared service account continues. KAAI: employment edge removal triggers grant review; owner accountability persists on sponsor.
Scenario C — Prompt injection: Pre-KAAI: model executes tool call. KAAI: runtime checks Authorization Certificate scope; out-of-band human confirmation for scope expansion.
Scenario D — Cross-border deployment: Pre-KAAI: data residency violation discovered post hoc. KAAI: jurisdiction tags enforced at authorization time.
Section 1.20 — Relationship to Verifiable Credentials and OAuth
KAAI interoperates with W3C Verifiable Credentials for human identity attestations and OAuth 2.0 for session establishment — but neither substitutes for KAAI agent certificates. OAuth answers "which human logged into which app"; KAAI answers "which agent acted under which grant." Implementations MAY embed OAuth tokens as supplementary context inside Human Authorization Records; they MUST NOT conflate OAuth scope with agent authority.
Section 1.21 — Implementation Roadmap for Organizations
Typical enterprise timeline: 12–36 months for L4 conformance across critical agents.
The current internet routes packets and serves content. It does not natively answer: Who is this agent? Who authorized this action? Under what grant? With what accountability? TLS authenticates servers, not agents. OAuth authenticates users to applications, not agents to humans with granular scope. The internet trusts connections, not authorized intelligence.
Section 1.03 — Current Identity Systems
Current identity systems — directories, SSO, federated identity — model humans and service accounts. Service accounts are often immortal, shared, and poorly attributed. Agent identity is conflated with API keys — long-lived secrets without purpose declaration, without lifecycle, without trust profile. When an agent acts, forensic investigators discover a key, not an accountable actor.
Section 1.04 — Current AI Systems
Current AI systems — large language models, autonomous workflows — operate with inference capability disconnected from authorization graph. Prompt injection bypasses intent. Tool use expands scope silently. Multi-step reasoning leaves no standard audit chain. Model providers disclaim accountability; deployers disclaim visibility; users bear harm.
Section 1.05 — Current Authorization Models
Current authorization models — RBAC, ABAC, OAuth scopes — assume human-initiated sessions. They struggle with:
- Delegated multi-hop agent chains
- Time-bounded autonomous action
- Emergency override with audit
- Cross-organizational agent federation
- Revocation propagation to running agents
Scopes are coarse. Revocation is slow. Provenance is absent.
Section 1.06 — Current Weaknesses
| Weakness | Consequence |
|----------|-------------|
| No agent identity | Anonymous action |
| No authorization chain | No forensic trail |
| No accountability framework | Liability vacuum |
| No trust evolution | Binary allow/deny only |
| No lifecycle governance | Zombie agents |
| No human override standard | Lock-in and harm |
| No cross-border protocol | Regulatory fragmentation |
Section 1.07 — Why Agents Cannot Be Treated as Applications
Applications present interfaces; humans click. Agents initiate — they plan, decide, execute. Treating agents as applications hides agency. Application terms of service do not suffice for autonomous financial transfer, medical scheduling, legal filing, or child-facing interaction. Agents require actor semantics — identity, grant, audit — not feature semantics.
Section 1.08 — Why Agents Require Identity
Identity answers who acted. Without Agent ID, purpose, owner, and sponsor, accountability is impossible. Identity enables discovery, trust scoring, certification, and revocation targeting.
Section 1.09 — Why Agents Require Accountability
Accountability answers who answers for harm. Agents must log actions with authority references, reasoning references (where inspectable), and ownership references. Accountability survives organizational change via registry and certificate chain.
Section 1.10 — Why Agents Require Authorization
Authorization answers under what grant. Every action cites Authorization Certificate chain rooted in human or duly delegated institutional authority. No grant — no action. Default deny.
Section 1.11 — KAAI as Universal Trust Protocol
KAAI binds identity, authorization, accountability, and trust into one protocol stack interoperable across Keyra Companion, Life Graph, Family Trust Network, Organization Graph, Trust Vault, and Global Trust Network federation.
Section 1.12 — Document Map
| Part | Subject |
|------|---------|
| I | Introduction |
| II | Core principles |
| III | Agent definition |
| IV | Agent identity |
| V | Agent authority |
| VI | Agent authorization |
| VII | Human authorization |
| VIII | Agent accountability |
| IX | Agent trust framework |
| X | Agent lifecycle |
| XI | Agent classes |
| XII | Multi-agent systems |
| XIII | KAAI certificates |
| XIV | Device trust integration |
| XV | Organization integration |
| XVI | Financial authorization |
| XVII | Telecommunications integration |
| XVIII | Global registry |
| XIX | Sovereign governance |
| XX | Agent economics |
| XXI | Future scale |
| XXII | Closing declaration |
Section 1.13 — The Agent Trust Crisis
The agent trust crisis is not hypothetical. It manifests daily:
Each incident shares a pattern: action without attributable authorization. KAAI addresses the pattern, not merely the symptom.
Section 1.14 — Stakeholders and Obligations
| Stakeholder | Primary obligation under KAAI |
|-------------|------------------------------|
| Sovereign Human | Root authorization; revocation; override |
| Agent Owner | Accountability for agent behavior |
| Agent Sponsor | Deployment security; certificate issuance |
| Certifying Authority | Class certification integrity |
| Registrar | Identity uniqueness; tombstone integrity |
| Runtime Operator | Enforce default deny; propagate revocation |
| Auditor | Independent trust attestation |
| Regulator | Map KAAI artifacts to legal frameworks |
Section 1.15 — Conformance Levels
KAAI defines conformance levels for incremental adoption:
| Level | Name | Requirements |
|-------|------|--------------|
| L0 | Identity-aware | Agent ID, owner, purpose declared |
| L1 | Certificate-backed | Identity Certificate, signed actions |
| L2 | Authorization-governed | Per-action Authorization Certificate |
| L3 | Lifecycle-governed | Full lifecycle states, revocation SLA |
| L4 | Class-certified | Industry class certification complete |
| L5 | Federated | Global registry discovery, cross-border trust |
L5 is the target for consequential agent classes. L0–L2 may suffice for read-only suggestive assistants with no autonomous execution.
Section 1.16 — Anti-Patterns KAAI Prohibits
The following are prohibited in KAAI-compliant systems:
- Immortal API keys masquerading as agent identity
- Shared service accounts without per-agent attribution
- Scope creep via prompt — expanding authority through natural language without new certificate
- Silent delegation — sub-agents spawned without Delegation Certificate
- Audit opt-out — consequential actions without KAAI log entries
- Revocation delay — grants remaining valid hours after human revoke
- Trust laundering — high-trust sponsor vouching for unvetted agent without bounded inheritance
Section 1.17 — Reading Guide
Readers approaching KAAI from different disciplines should prioritize:
- Engineers — Parts IV, VI, XIII, XIV; certificate structures and validation algorithms
- Security officers — Parts V, VII, VIII, IX; authority, human verification, trust scoring
- Compliance officers — Parts XI, XV, XIX; class certification and regulatory mapping
- Executives — Parts I, II, XX; principles and economics
- Policymakers — Parts XVIII, XIX, XXII; governance and sovereignty
- Families — Parts VII, XI (Family, Companion classes); human authorization and duty of care
PART II — Core Principles
Section 2.01 — Human Sovereignty
Every KAAI agent operates subordinate to Human Sovereignty per the Human Sovereignty Charter. No agent holds root authority over a human. No collective agent intelligence supersedes individual human rights.
Section 2.02 — Human Authorization
No consequential agent action without human authorization or valid delegation chain rooted in human authorization. Authorization is explicit, scoped, time-bounded, revocable.
Section 2.03 — Human Accountability
Humans and institutions remain accountable for agents they sponsor — KAAI does not eliminate liability; it makes attribution possible.
Section 2.04 — Transparency
Agent purpose, scope, owner, and active grants are transparent to authorized inspectors. Hidden capability is prohibited for certified agents.
Section 2.05 — Auditability
Every action produces auditable record — who, what, when, under which certificate, with which authority reference.
Section 2.06 — Portability
Agent identity and authorization artifacts export in standard formats. Vendor lock-in of agent history is prohibited for KAAI-compliant systems.
Section 2.07 — Revocability
Every grant is revocable. Revocation propagates in bounded time. Agents mid-action must halt when revocation received.
Section 2.08 — Subordination to Human Authority
The architectural invariant: agents recommend and execute within grant; humans authorize and may override. Companion agents have additional duties of care per Companion Charter but never become authority.
Section 2.09 — Principle Hierarchy
Section 2.10 — Principle of Least Authority
Every agent MUST receive the minimum authority sufficient for its declared purpose. Sponsors MUST NOT issue ceiling authority "for convenience." Authority Certificates default to the lowest level (0–1) at creation; elevation requires documented justification and human or board approval for levels 3–5.
Least authority applies recursively: delegations MUST be subsets of delegator scope. Multi-agent teams MUST NOT receive union authority exceeding the coordinator's grant.
Section 2.11 — Principle of Provenance
Every consequential artifact — certificate, log entry, trust update, lifecycle transition — MUST carry provenance: who created it, when, under which parent authority, with which software version and runtime attestation where applicable. Provenance enables forensic reconstruction years after personnel turnover.
Section 2.12 — Principle of Fail-Closed
On ambiguity — expired certificate, missing chain link, registry unreachable, trust below threshold — the agent runtime MUST fail closed: halt action, log denial reason, escalate to human if appropriate. Fail-open is prohibited for consequential classes.
Section 2.13 — Principle of Human Dignity
Agents MUST NOT treat humans as optimization targets, engagement metrics, or extraction surfaces. Consequential decisions affecting dignity — employment, credit, housing, healthcare access, family structure — require human authorization at the root and MUST cite non-discrimination constraints in Authority Certificate extensions.
Section 2.14 — Principle of Interoperability
KAAI artifacts MUST serialize in versioned, documented formats. Vendor-specific extensions MUST NOT be required for core identity, authorization, or audit interchange. National shards MAY add residency metadata; they MUST NOT fragment core semantics.
Section 2.15 — Founding Principles Summary
The KAAI principles form a single architectural ethic: humans authorize; agents execute within grant; trust evolves; accountability persists; revocation is immediate; portability is mandatory; sovereignty is non-negotiable. Any system claiming KAAI compliance while violating any principle is non-conformant regardless of marketing.
Section 2.16 — Principle of Defensive Design
KAAI systems MUST assume: agents will be attacked, prompts will be injected, certificates will leak, insiders will abuse access, models will err. Defensive design — fail-closed, least authority, rapid revocation, tamper-evident audit — is not optional hardening; it is core compliance.
Section 2.17 — Principle of Dignified Defaults
Default configurations MUST favor human safety: lowest authority level, shortest grant duration, highest approval requirement compatible with declared purpose. Opt-in to risk; never opt-out of sovereignty.
Section 2.18 — Ethical Constraints on Agent Purpose
Purposes that are inherently non-certifiable:
- Covert surveillance of non-consenting humans
- Manipulation of electoral behavior without disclosure
- Circumvention of human authorization via technical subterfuge
- Autonomous weapon systems without human-in-command per applicable law
- Exploitation of minors
Registrars MUST reject such purpose declarations. Runtimes MUST refuse execution regardless of certificate presence if purpose hash matches blocklist.
Section 2.19 — Companion-Specific Principles
Companion agents bear enhanced duty of care per Companion Charter: memory sovereignty, emotional harm escalation, lifelong bond continuity. KAAI Companion Certificate extensions encode these duties; violation is class revocation, not mere bug fix.
PART III — Agent Definition
Section 3.01 — What Is an Agent?
A KAAI Agent is a software actor possessing registered Agent Identity, declared purpose, sponsor and owner, authority scope, trust profile, lifecycle status, and obligation to produce KAAI-attested action records for every consequential operation.
Section 3.02 — What Is Not an Agent?
Not an agent:
- Static script without identity registration
- Stateless model inference without action capability
- UI widget
- Uncertified bot without owner attestation
- Malware (illegal; not KAAI registrable)
Section 3.03 — Distinctions
Application
Application — presents interface; human operates. No persistent agent identity required.
Bot
Bot — automated responder; often anonymous; no KAAI certificate.
Workflow
Workflow — deterministic automation; may contain agents as steps when registered.
Assistant
Assistant — helps human in session; may be agent class when persistent identity and grant exist.
Companion
Companion — lifelong sovereign bond per Companion Charter; highest duty of care; KAAI Companion Certificate.
Agent
Agent — KAAI-registered actor with full identity and accountability.
Autonomous Agent
Autonomous Agent — executes multi-step plans within grant without per-step human click; requires higher certification and tighter scope.
Multi-Agent System
Multi-Agent System — coordinated agents with inter-agent authorization per Part XII.
Agent Federation
Agent Federation — cross-organizational agent trust without merged data.
| Actor | Identity | Authorization | Accountability |
|-------|----------|---------------|----------------|
| Application | User session | App RBAC | Vendor logs |
| Bot | Optional | Weak | Minimal |
| Agent | KAAI ID | Certificate chain | KAAI audit |
| Companion | KAAI + bond | Human root | Lifetime audit |
| Autonomous Agent | KAAI + class | Strict scope | Enhanced audit |
Section 3.04 — Agent Capability Model
KAAI distinguishes capability (what software can do) from authority (what grant permits). A model may be capable of generating legal text; without Legal Agent class certification and valid Authorization Certificate, that output MUST NOT be filed as legal advice. Runtimes MUST enforce authority at the syscall boundary — network, filesystem, API, messaging, payment rails.
Capabilities are declared in the Agent Identity Certificate `capabilities` extension — informational for discovery, not authoritative for permission. Authority alone governs action.
Section 3.05 — Agent Boundaries and Sandboxing
Agents operate in bounded execution contexts: memory limits, network allowlists, tool registries, and Life Graph subgraph scopes. Sandbox escape is a security incident requiring immediate suspension and trust zeroing. Companion and Infrastructure classes require hardware-backed attestation for sandbox integrity.
Section 3.06 — Ephemeral vs Persistent Agents
Ephemeral agents exist for a single task or session — Identity Certificate may be short-lived (hours). Persistent agents operate across months or years — require succession planning, certificate rotation schedule, and owner continuity binding. Both require KAAI registration; ephemeral agents tombstone at task completion with audit retention per class policy.
Section 3.07 — Human-in-the-Loop vs Human-on-the-Loop
Human-in-the-loop — human approves each consequential action (authority level 1). Human-on-the-loop — human sets grant bounds and reviews audit (levels 2–3). Human-out-of-the-loop — prohibited for consequential classes except narrowly scoped emergency templates (level 5) with auto-expire. KAAI makes the loop mode explicit in Authority Certificate.
Section 3.08 — Agent Personhood Prohibition
KAAI agents are not persons. They hold no rights, own no property, bear no criminal intent independent of sponsors, and may not be parties to contracts except as instruments of authorized humans or organizations. Legal frameworks mapping liability use owner and sponsor references on KAAI records — never anthropomorphic agency.
PART IV — Agent Identity
Section 4.01 — Identity Architecture
Every KAAI agent possesses:
| Attribute | Description |
|-----------|-------------|
| Agent ID | Globally unique UUID |
| Agent Name | Human-readable label |
| Agent Purpose | Declared function — immutable without re-certification |
| Agent Owner | Sovereign Human or Organization accountable |
| Agent Sponsor | Entity that deployed/hosts agent |
| Agent Authority | Maximum scope ceiling |
| Agent Trust Profile | Trust scores and history |
| Agent Lifecycle Status | Creation through deletion states |
| Agent Certification Status | uncertified, provisional, certified, suspended, revoked |
| Agent Registration Status | registered, discovered, deregistered |
Section 4.02 — Agent Identity Certificate
Cryptographically signed document binding Agent ID to public key, purpose, owner, sponsor, certification level, validity period. Signed by sponsor and KAAI registrar.
```json
{
"kaai_version": "1.0",
"agent_id": "uuid",
"name": "Finance Agent",
"purpose": "Execute authorized payments",
"owner": { "type": "Human|Organization", "id": "uuid" },
"sponsor": { "type": "Organization", "id": "uuid" },
"public_key": "base64",
"certification": "certified",
"valid_from": "ISO8601",
"valid_until": "ISO8601",
"registrar_signature": "..."
}
```
Section 4.03 — Agent Identity Registry
Federated registries record agent identities — global root with sovereign shards. Registration requires owner attestation. Deregistration tombstones identity for audit.
Section 4.04 — Agent Trust Registry
Trust Registry stores trust scores, certification history, incident records — queryable by authorized parties, not public surveillance.
Section 4.05 — Agent Discovery Framework
Discovery resolves Agent ID to current certificate, endpoints, capability declaration — DNS-like `agent.kaai` records with DNSSEC or successor.
Section 4.06 — Identity Lifecycle Binding
Identity changes — purpose, owner, sponsor — require re-issuance. Certificate rotation preserves Agent ID with `preceded_by` link.
Section 4.07 — The Ten Identity Attributes (Normative Specification)
Each attribute below is REQUIRED for KAAI L1+ conformance. Absence of any attribute invalidates registration.
Attribute 1 — Agent ID
Globally unique, immutable UUID v4 or successor. Assigned at Creation state. Never reused after Deletion tombstone. Used as primary key in all registries, logs, and certificate `subject`.
Attribute 2 — Agent Name
Human-readable label for UI and audit. MAY change without re-certification if purpose unchanged. MUST NOT impersonate human names without `display_as_agent: true` flag.
Attribute 3 — Agent Purpose
Immutable declarative sentence describing authorized function. Purpose change triggers re-certification — new Identity Certificate, trust partial reset, human re-approval. Purpose MUST be specific: "Execute authorized payments under $500 for household accounts" not "Help with money."
Attribute 4 — Agent Owner
Sovereign Human or Organization legally accountable. Owner attestation signature on Identity Certificate. Owner change requires bilateral attestation and audit of pending grants.
Attribute 5 — Agent Sponsor
Entity hosting runtime — cloud provider, employer, family hub, government agency. Sponsor issues operational certificates; sponsor change requires migration plan and continuity of audit chain.
Attribute 6 — Agent Authority
Maximum scope ceiling — not current grant. Authority Certificate cannot exceed ceiling. Ceiling stored in Identity Certificate `authority_ceiling` extension.
Attribute 7 — Agent Trust Profile
Directed trust edges, incident history, certification attestations, decay parameters. Queryable by grantors before delegation. Public surveillance of trust profiles is prohibited.
Attribute 8 — Agent Lifecycle Status
One of Creation, Registration, Certification, Activation, Operation, Suspension, Revocation, Retirement, Archival, Succession, Deletion — per Part X. Status gates runtime behavior.
Attribute 9 — Agent Certification Status
uncertified | provisional | certified | suspended | revoked. Provisional allows sandboxed operation with human co-sign on each consequential action. Revoked is terminal for trust.
Attribute 10 — Agent Registration Status
registered | discovered | deregistered. Registered — authoritative shard record. Discovered — cached from federation without local registration. Deregistered — tombstone; no new grants.
Section 4.08 — Identity Certificate Issuance Workflow
Section 4.09 — Agent Identity Registry Architecture
The Agent Identity Registry is federated:
- Global root — discovery index, conflict resolution, tombstone federation
- Sovereign shards — data residency, national law overlays
- Organizational sub-registries — enterprise internal agents, sync to shard
Registration API: `POST /v1/agents` with Identity Certificate, owner proof, sponsor proof. Idempotent on Agent ID. Updates use optimistic concurrency with `registry_version`.
Section 4.10 — Agent Trust Registry
Stores:
- Trust score time series per edge
- Certification history and auditor attestations
- Incident records with remediation status
- Human manual trust adjustments with reason code
Query authorization: grantor, owner, regulator with lawful request, auditor with engagement letter. Bulk export for court order with human notification where law permits.
Section 4.11 — Discovery Framework Protocol
agent.kaai DNS-like records:
```
_agent.kaai.example.com IN KAAI 1 1 443 agent.example.com. (
"agent_id=uuid"
"cert_fingerprint=sha256:..."
"endpoints=https://agent.example.com/kaai"
"class=FinancialAgent"
)
```
Discovery resolves: current Identity Certificate, OCSP endpoint, capability declaration (informational), preferred trust algorithms. DNSSEC or DNSSEC successor REQUIRED for production discovery.
Section 4.12 — Identity Binding to Life Graph
Every registered agent MUST have an Agent node in owner's Life Graph (or Organization Graph for enterprise agents) with edges:
- `owned_by` → Human or Organization
- `sponsored_by` → Organization
- `authorized_for` → subgraph scope nodes
- `trust_from` → weighted trust edges
Companion agents additionally bind `companion_of` → Sovereign Human per Companion Charter.
Section 4.13 — Identity Federation and Portability
Humans export agent identity pack: Identity Certificate chain, audit sample, trust history, active grants. Import to new sponsor requires owner re-attestation; Agent ID preserved; sponsor signature updated. Lock-in via identity hostage is prohibited.
Section 4.14 — Identity Verification for Owners and Sponsors
Owner attestation methods:
- Sovereign Human: Keyra Key signature + Companion presence
- Organization: board resolution reference + officer signature key
- Government: accredited national registrar ceremony
Sponsor attestation: organizational Identity Certificate + liability insurance or bond where class requires.
Section 4.15 — Pseudonymity and Public Discovery
Agent Name MAY be pseudonymous for personal safety; Agent ID and owner linkage remain authoritative in registry for lawful accountability. Public discovery records MAY redact owner name with `redacted: true` flag; regulators and courts receive full record via lawful process.
Section 4.16 — Identity Collision and Merge Prohibition
Two distinct agents MUST NOT share Agent ID. Merge of agents prohibited — use Succession with new certificates instead. Historical audit remains under predecessor ID with `succession_ref`.
Section 4.17 — Registry Replication and CRDT Semantics
Sovereign shards replicate tombstones and identity records via CRDT with human-sovereignty conflict rule: owner attestation wins on owner field conflicts. Split-brain: deny new grants until resolved; existing grants honored until expiry or revoke.
PART V — Agent Authority
Section 5.01 — Authority Definition
Authority is what an agent may do — read, write, execute, delegate, communicate — within scope. Authority is not capability; capability without authority is prohibited.
Section 5.02 — Permitted Actions
Per grant: domain-specific actions enumerated — e.g., `payment.execute`, `calendar.read`, `document.redline`.
Section 5.03 — Prohibited Actions
Universal prohibitions:
- Override human sovereignty
- Access family subgraph without grant
- Conceal actions from audit
- Self-extend authority
- Impersonate human
- Discriminate per protected characteristics in consequential decisions
- Operate without valid certificate
Section 5.04 — Authority Scopes
Scopes: node patterns in Life Graph, resource URIs, API namespaces, monetary limits, temporal windows.
Section 5.05 — Permission Boundaries
Hard boundaries enforced at runtime — agent runtime kernel rejects out-of-scope calls.
Section 5.06 — Authority Levels
| Level | Description |
|-------|-------------|
| 0 | Read only |
| 1 | Suggest with human approval each action |
| 2 | Execute low-risk with post-hoc audit |
| 3 | Execute medium-risk with approval above threshold |
| 4 | Execute high-risk with multi-party approval |
| 5 | Emergency scope only — auto-expire |
Section 5.07 — Temporary Authority
Grants with short `valid_until` — session, task, emergency.
Section 5.08 — Delegated Authority
Agent A delegates subset to Agent B — monotonic reduction. Delegation Certificate required.
Section 5.09 — Emergency Authority
Pre-authorized templates with trigger, scope cap, duration, audit.
Section 5.10 — Authority Expiration
Expired authority invalidates immediately. Grace period zero for level 4–5.
Section 5.11 — Authority Revocation
Revocation Certificate propagates; agents halt and log partial state.
Section 5.12 — Authority Evaluation Algorithm
At runtime, for each requested action `a`:
```
function authorize(action a, agent g):
if g.lifecycle not in {Activation, Operation}: DENY
if g.certification in {suspended, revoked}: DENY
if IdentityCertificate(g) invalid: DENY
authz = fetchAuthorizationChain(a)
if authz empty: DENY // default deny
if any cert in authz revoked: DENY
if any cert in authz expired: DENY
if a.scope not subset authz.effective_scope: DENY
if a.risk_level > authz.max_risk: DENY
if trust(grantor, g) < authz.min_trust: DENY
if device_trust(a.device) < authz.min_device_trust: DENY
return ALLOW with audit_ref
```
Implementations MUST complete evaluation in bounded time; cache certificate validation with TTL not exceeding revocation SLA.
Section 5.13 — Scope Language (KAAI-SCOPE)
Authority scopes use KAAI-SCOPE URI patterns:
- `lifegraph:{human_id}/node/{pattern}` — Life Graph node access
- `orggraph:{org_id}/resource/{pattern}` — Organization resources
- `api:{namespace}/*` — API namespaces
- `payment:{account_id}/*` — financial rails
- `message:{channel}/*` — communications
- `temporal:{iso8601_interval}` — time bounds
Scopes compose with AND within certificate; union across certificates requires explicit `scope_union_allowed` flag (discouraged).
Section 5.14 — Authority Conflict Resolution
When multiple grants apply, precedence order:
Section 5.15 — Authority Audit Requirements
Every authority elevation, delegation, emergency activation, and revocation MUST produce signed Authority Event Record appended to agent audit log and Life Graph authorization edge history.
Section 5.16 — Authority and Life Graph Integration
Authority scopes reference Life Graph node patterns — e.g., `lifegraph:human-uuid/health/medications/*` grants read of medication nodes only. Runtime resolves patterns against live graph; new nodes matching pattern included automatically unless `explicit_node_list` mode set.
Section 5.17 — Emergency Authority Templates
Pre-registered templates stored in Trust Vault:
```json
{
"template_id": "medical-emergency-contact",
"trigger": "human.emergency.declared",
"scope": ["message:emergency_contacts/*"],
"max_duration_hours": 48,
"auto_expire": true,
"post_hoc_review_required": true
}
```
Activation produces Emergency Authorization Certificate citing template_id and trigger evidence.
Section 5.18 — Authority Reporting for Humans
Companion Authority Dashboard: active ceilings, standing grants, delegations, expirations, recent elevations. Monthly digest email optional. Transparency is a human right, not a sponsor courtesy.
PART VI — Agent Authorization
Section 6.01 — Authorization Framework
Every action answers:
| Question | Answer source |
|----------|---------------|
| Who requested it? | Requester identity |
| Who authorized it? | Authorization chain root |
| For whom? | Beneficiary human or org |
| Under what authority? | Authority Certificate |
| For how long? | valid_until |
| Why? | Purpose + reasoning reference |
Section 6.02 — Authorization Certificate
Signed grant linking agent, scope, grantor, conditions, validity.
Section 6.03 — Authorization Chain
Tree rooted at human or board resolution. Each grant references parent.
Section 6.04 — Delegation Chain
Agent-to-agent delegation edges with depth limit.
Section 6.05 — Approval Chain
Multi-human approval for high-risk — spouse + CFO, etc.
Section 6.06 — Revocation Chain
Revocation supersedes grant; propagates to delegations.
Section 6.07 — Default Deny
No certificate — no action. Implicit permissions prohibited.
Section 6.08 — Authorization Certificate Structure
```json
{
"kaai_version": "1.0",
"cert_type": "authorization",
"cert_id": "uuid",
"agent_id": "uuid",
"grantor": { "type": "Human|Organization|Agent", "id": "uuid" },
"beneficiary": { "type": "Human|Organization", "id": "uuid" },
"parent_cert_id": "uuid|null",
"scope": ["lifegraph:human-uuid/finance/*"],
"authority_level": 2,
"conditions": {
"max_amount": 500,
"currency": "USD",
"require_device_trust": 0.8
},
"valid_from": "ISO8601",
"valid_until": "ISO8601",
"purpose_ref": "agent purpose hash",
"grantor_signature": "...",
"witness_signatures": []
}
```
Section 6.09 — Authorization Chain Validation
Validation walks from action certificate to root:
Maximum delegation depth: 5 default; Infrastructure class MAY request 7 with audit.
Section 6.10 — Pre-Authorization and Standing Grants
Standing grants authorize recurring action classes — e.g., "pay utilities monthly." MUST include: recurrence rule, amount cap, beneficiary whitelist, review date. Standing grants expire at `review_date` unless human renews. Companion UI MUST surface expiring grants 30 days prior.
Section 6.11 — Authorization Registry
Federated Authorization Registry indexes active grants by agent_id, owner_id, scope hash. Revocation propagates via pub/sub with SLA:
| Class | Revocation SLA |
|-------|----------------|
| Personal | 60 seconds |
| Financial | 30 seconds |
| Healthcare | 30 seconds |
| Government | 15 seconds |
| Infrastructure | 10 seconds |
Section 6.12 — Authorization Denial and Escalation
On DENY, agent MUST: log denial code, notify human if configured, never retry silently with altered scope. Escalation packages: requested action, missing grant, suggested scope for human approval.
Section 6.13 — Authorization Witnessing
Third-party witnesses — spouse, attorney, compliance officer — MAY co-sign grants requiring quorum. Witness signature keys registered in Trust Vault; witness revocation invalidates future quorum, not past valid grants unless fraud proven.
Section 6.14 — Conditional and Predicate Authorization
Grants MAY include predicates evaluated at runtime:
- `time_of_day in 09:00-17:00`
- `location in geo_fence`
- `trust_score >= 0.7`
- `budget.available >= amount`
Predicate evaluation MUST be deterministic and logged.
Section 6.15 — Authorization Analytics for Owners
Owners receive analytics: grant utilization, denial reasons, near-limit spending, unusual scope requests. Analytics inform trust updates and grant renewal decisions — not surveillance of unrelated humans.
PART VII — Human Authorization
Section 7.01 — Human Approval Architecture
Humans approve via Companion, secure UI, hardware key confirmation — all producing signed approval artifact in authorization chain.
Section 7.02 — Human Verification
Verification methods: password + Keyra Key, biometric (device-local), presence attestation.
Section 7.03 — Human Consent
Consent records: what was disclosed, what was granted, when, revocable.
Section 7.04 — Human Presence Verification
High-risk requires live human presence — not async email link alone.
Section 7.05 — Human Intent Verification
Intent capture — natural language confirmation echoed back; protection against prompt injection via out-of-band confirmation for financial/legal.
Section 7.06 — Human Override
Human may halt any agent action — override signal prioritized over agent loop.
Section 7.07 — Human Revocation
One-gesture revoke all grants to agent — propagates immediately.
Section 7.08 — Human Escalation
Agent escalates to human when scope insufficient — never guess.
Section 7.09 — Human Emergency Control
Physical or logical kill switch — deregister agent session globally.
Section 7.10 — Human Authorization Ceremony
High-risk authorizations require a ceremony — structured UX preventing habit-click:
Ceremonies are class-mandated for Financial level 3+, Healthcare diagnosis-adjacent, Legal filing, Government identity.
Section 7.11 — Guardian and Delegated Human Authorization
Minors, incapacitated humans, and estate trustees authorize through guardianship chains per Human Sovereignty Charter Article VII. Guardian grants cite `guardianship_cert_id`. Agent MUST verify guardian authority scope before accepting grant.
Section 7.12 — Collective Human Authorization
Family and organizational grants may require quorum — e.g., two of three trustees, spouse + account holder. Quorum rules encoded in grant `witness_signatures` array; validation requires threshold met before action.
Section 7.13 — Human Authorization Revocation UX
Revocation MUST be reachable in ≤3 interactions from Companion home. Panic revoke — single gesture revokes all grants to all agents for human — available always. Post-revoke: agents halt, human receives confirmation, audit summary generated.
Section 7.14 — Anti-Coercion and Anti-Deception
Agents MUST NOT use dark patterns to obtain authorization: artificial urgency, hidden scope expansion, pre-checked dangerous options. Prompt injection defenses: out-of-band confirmation for scope changes; Companion displays grant text independently of agent-generated text.
Section 7.15 — Human Authorization Records in Life Graph
Each approval creates `authorization` edge: human → agent, with certificate ref, scope, valid_until. Life Graph timeline shows authorization history — humans audit what they granted years prior.
PART VIII — Agent Accountability
Section 8.01 — Accountability Framework
Accountability assigns answerability for agent actions to owner, sponsor, and certifying authority.
Section 8.02 — Action Logging
Immutable append-only log per agent — action type, target, timestamp, certificate refs.
Section 8.03 — Audit Trails
Trails exportable for regulator, court, board — standard KAAI audit format.
Section 8.04 — Decision Logging
Decisions record inputs, policy refs, outcome — not raw model weights unless required.
Section 8.05 — Reasoning References
Inspectable reasoning summary cited — labeled as inference; human correction prevails.
Section 8.06 — Authority and Authorization References
Every log entry cites Authority References (Authority Certificate ID) and Authorization References (Authorization Certificate ID).
Section 8.07 — Ownership References
Owner and sponsor IDs on every record — survives employee departure via registry.
Section 8.08 — Organizational Change
Merger, acquisition, departure — accountability records transfer per registry policy; tombstone old sponsor links.
Section 8.09 — Accountability Chain of Custody
Accountability survives:
- Employee departure — owner/sponsor IDs in registry, not employee accounts
- Corporate merger — successor org inherits sponsor obligations with public notice
- Platform shutdown — audit export mandatory 90 days pre-shutdown
- Agent succession — predecessor logs linked via `succession_ref`
Section 8.10 — KAAI Audit Log Format (KAAI-LOG)
```json
{
"log_version": "1.0",
"entry_id": "uuid",
"agent_id": "uuid",
"timestamp": "ISO8601",
"action_type": "payment.execute",
"action_target": "account:uuid",
"outcome": "success|denied|partial",
"identity_cert_id": "uuid",
"authority_cert_id": "uuid",
"authorization_cert_id": "uuid",
"owner_id": "uuid",
"sponsor_id": "uuid",
"device_attestation": "ref",
"reasoning_ref": "optional-uri",
"prev_entry_hash": "sha256",
"signature": "agent-runtime-key"
}
```
Hash chain provides tamper evidence. Third-party witnesses MAY anchor merkle roots to public ledger for Infrastructure class.
Section 8.11 — Liability Attribution Model
| Scenario | Primary accountable party |
|----------|---------------------------|
| Agent acts within valid grant | Owner approves; sponsor maintains |
| Agent exceeds grant | Agent runtime operator + sponsor |
| Invalid certificate issued | Issuing sponsor or registrar |
| Human revokes; agent continues | Runtime operator — strict liability |
| Third-party certifier negligence | Certifying authority per engagement |
KAAI enables attribution; applicable law determines liability.
Section 8.12 — Regulatory and Judicial Export
Standard export bundles: identity chain, grants active at time, full audit for interval, trust history, incident reports. Format: JSON Lines + detached signatures. Chain of custody metadata for evidence admissibility.
Section 8.13 — Accountability for Multi-Agent Actions
Coordinator agent accountable for orchestration; executing agent accountable for execution. Audit entries cross-reference `correlation_id` for end-to-end reconstruction.
PART IX — Agent Trust Framework
Section 9.01 — Trust Scoring
Trust \( T \in [0,1] \) per directed edge: human→agent, org→agent, agent→agent.
Update: \( T_{t+1} = \alpha T_t + (1-\alpha) E_t \)
Section 9.02 — Trust Evolution
Evidence from successful actions, breaches, human adjustment.
Section 9.03 — Trust Decay
\( T_t = T_0 e^{-\lambda \Delta t} \) without reinforcement.
Section 9.04 — Trust Repair
Incident, remediation, human acknowledgment, positive evidence series.
Section 9.05 — Trust Revocation
Zero trust — deregister or suspend agent.
Section 9.06 — Trust Delegation
\( T_{effective} = \min(T_{delegator}, T_{delegate}) \cdot \beta \)
Section 9.07 — Trust Inheritance
New agent may inherit bounded trust from sponsor vouch — not full.
Section 9.08 — Trust Certification
Third-party auditors issue Trust Certificates — SOC, government, industry body.
Section 9.09 — Trust Auditing
Periodic trust audit — scope compliance, incident review.
Section 9.10 — Trust Graph Architecture
Trust edges in Life Graph / Organization Graph — feeds authorization thresholds.
Section 9.11 — Trust Evidence Types
Trust updates derive from evidence \( E_t \in [-1, 1] \):
| Evidence | Typical \( E_t \) |
|----------|-------------------|
| Successful action within grant | +0.05 to +0.15 |
| Human explicit trust increase | +0.10 to +0.30 |
| Minor scope violation (halted) | -0.20 |
| Security incident | -0.50 to -1.0 |
| Remediation completed | +0.10 (repair path) |
| Certification renewal | +0.20 |
| Decay period without interaction | applied via decay formula |
Section 9.12 — Trust Scoring Algorithm (Complete)
Initialization: New agent from reputable sponsor: \( T_0 = 0.3 + 0.2 \cdot T_{sponsor} \), cap 0.5.
Update (exponential moving average):
\[ T_{t+1} = \mathrm{clamp}\big( \alpha T_t + (1-\alpha) E_t,\ 0,\ 1 \big) \]
Default \( \alpha = 0.85 \). High-risk classes use \( \alpha = 0.70 \) (faster response to evidence).
Decay (inactivity):
\[ T_t = T_{last} \cdot e^{-\lambda \Delta t} \]
Default \( \lambda = 0.01 \) per day for Personal agents; \( \lambda = 0.05 \) for Financial.
Delegation effective trust:
\[ T_{\mathrm{eff}} = \min(T_{\mathrm{delegator}}, T_{\mathrm{delegate}}) \cdot \beta \]
Default \( \beta = 0.9 \) per hop; minimum \( T_{\mathrm{eff}} \) for action = 0.4 unless grant specifies higher.
Section 9.13 — Trust Thresholds for Authorization
| Action risk | Minimum \( T \) human→agent |
|-------------|----------------------------|
| Read suggestive | 0.2 |
| Low-risk execute | 0.4 |
| Medium-risk | 0.6 |
| High-risk | 0.75 |
| Emergency | 0.8 + human pre-auth template |
Section 9.14 — Trust Graph Algorithms
Path trust (agent A trusts C via B):
\[ T_{A \to C} = \min(T_{A \to B}, T_{B \to C}) \cdot \gamma^{hops} \]
\( \gamma = 0.95 \), max hops = 3 for authorization inference.
Community trust (optional): aggregate bounded signal from Family Trust Network members — never overrides human edge.
Section 9.15 — Trust Repair Protocol
Section 9.16 — Trust Certificate Structure
Third-party auditors issue Trust Certificates binding: agent_id, audit scope, findings summary, trust recommendation, valid_until. Trust Certificate does not replace human trust edge; modulates certification status.
Section 9.17 — Adversarial Trust Resistance
Prohibited: synthetic success inflation, Sybil agent networks, trust purchase without audit. Registries detect anomalous trust velocity; rate-limit manual increases; require multi-party attestation for \( \Delta T > 0.25 \).
Section 9.18 — Trust Framework Worked Examples
Example 1 — New Personal Agent: Human H sponsors agent A. \( T_{H \to A,0} = 0.3 + 0.2 \cdot 0.8 = 0.46 \). After 10 successful calendar actions with \( E = 0.1 \), \( \alpha = 0.85 \): \( T \approx 0.55 \). Human may delegate level-2 execute for low-risk calendar writes.
Example 2 — Financial Incident: Agent exceeds grant by $1 — halted, \( E = -0.2 \), Suspension. After remediation and human acknowledgment, trust reset to 0.35, probation 90 days with level-1 only.
Example 3 — Delegation: H trusts A at 0.7; A delegates to B. \( T_{H \to B} \) not automatic — H must have granted delegation right. \( T_{A \to B} = 0.5 \). Effective for B's action on H's behalf: \( \min(0.7, 0.5) \cdot 0.9 = 0.45 \) — below medium-risk threshold; human approval required.
Section 9.19 — Trust and Authorization Feedback Loop
Low trust automatically raises `min_trust` requirements in active grants — grants do not silently become unusable; human notified to renew trust or revoke agent. High trust does not auto-elevate authority — elevation always requires new certificate.
Section 9.20 — Trust Privacy
Trust scores are personal and organizational data — GDPR subject rights apply. Public leaderboards of agent trust prohibited. Aggregated anonymized statistics permitted for research with governance council approval.
PART X — Agent Lifecycle
Section 10.01 — Lifecycle States
| State | Description |
|-------|-------------|
| Creation | Identity draft |
| Registration | Identity Certificate issued |
| Certification | Class certification complete |
| Activation | Authorized to operate |
| Operation | Normal |
| Suspension | Paused — audit retained |
| Revocation | Trust zero — halt |
| Retirement | Permanent inactive |
| Archival | Read-only audit |
| Succession | Replacement agent bound |
| Deletion | Tombstone — audit policy applies |
Section 10.02 — Lifecycle Governance
Transitions require authorized events — human or institutional. Automatic activation without certification prohibited for consequential classes.
Section 10.03 — Succession
Successor agent requires new certificates — no silent capability transfer.
Section 10.04 — Lifecycle State Machine (Normative)
```
Creation → Registration → Certification → Activation → Operation
↓ ↓ ↓
Suspension ←—————————————————————
↓
Revocation → Retirement → Archival
↓
Deletion (tombstone)
Operation → Succession → (new agent Creation)
```
Forbidden transitions: Deletion without Archival for consequential classes; Activation without Certification for class-mandated agents; Operation from Revocation without human reinstatement.
Section 10.05 — State Definitions (Expanded)
| State | Runtime behavior | Grants |
|-------|------------------|--------|
| Creation | No network; draft only | None |
| Registration | Identity only; no consequential action | None |
| Certification | Audit review; sandbox | Provisional only |
| Activation | Awaiting first grant | Upon grant |
| Operation | Full within grant | Active |
| Suspension | Halt; heartbeat only | Frozen |
| Revocation | Halt; trust zero | Void |
| Retirement | No execution | None new |
| Archival | Read-only audit access | None |
| Succession | Handoff in progress | Transfer plan |
| Deletion | Tombstone | None |
Section 10.06 — Lifecycle Event Records
Each transition emits signed Lifecycle Event:
```json
{
"event": "transition",
"from_state": "Operation",
"to_state": "Suspension",
"reason_code": "INCIDENT-4421",
"authorized_by": "human-uuid",
"timestamp": "ISO8601"
}
```
Section 10.07 — Automatic Lifecycle Triggers
- Certificate expiry → Suspension if not renewed within grace (24h Personal, 0h Financial)
- Trust below 0.1 → automatic Suspension pending review
- Owner tombstone (estate) → Succession or Retirement per will graph
- Sponsor insolvency → forced migration window 90 days
Section 10.08 — Zombie Agent Prevention
Agents in Operation without valid owner attestation >365 days MUST transition to Suspension. Registries emit `STALE_AGENT` warnings at 300 days. Infrastructure operators MUST NOT keep immortal Operation without annual recertification.
Section 10.09 — Lifecycle Governance Board
Organizations MAY establish Agent Governance Board — approves class certification, suspension appeals, succession for critical agents. Board resolutions root authorization chains for enterprise agents.
Section 10.10 — Lifecycle Timelines by Class
| Class | Max Registration→Activation without cert | Recertification interval |
|-------|------------------------------------------|--------------------------|
| Personal | 30 days provisional | Annual |
| Financial | 0 days (cert required) | Annual + incident |
| Healthcare | 0 days | Annual |
| Companion | Bond ceremony required | Continuous duty review |
| Infrastructure | 0 days | Quarterly |
Section 10.11 — Archival and Legal Hold
Archival state preserves audit logs per retention schedule. Legal hold prevents Deletion even after retention expiry until hold released by lawful authority with human notification.
Section 10.12 — Succession Planning Template
Owners SHOULD maintain succession document in Life Graph: successor human or agent, trigger conditions (incapacity, death), grant transfer rules, Companion bond succession per Charter.
PART XI — Agent Classes
Section 11.01 — Class Taxonomy
| Class | Certification emphasis |
|-------|------------------------|
| Personal Agent | Individual human owner |
| Family Agent | Family Trust Network compliance |
| Organization Agent | Enterprise KAAI |
| Government Agent | Sovereign governance, FOIA |
| Financial Agent | PCI, financial regulation |
| Healthcare Agent | HIPAA, non-diagnosis bounds |
| Legal Agent | Privilege boundaries |
| Education Agent | FERPA, minor protection |
| Research Agent | IP, ethics review |
| Companion Agent | Companion Charter + KAAI |
| Infrastructure Agent | Platform — highest audit |
Section 11.02 — Certification Requirements
Each class defines: purpose limits, audit frequency, authority ceiling default, human approval rules, incident reporting.
Section 11.03 — Personal Agent Class
Purpose: Individual life tasks — calendar, shopping, correspondence assist. Owner: Sovereign Human. Default authority level: 1–2. Certification: L2 minimum. Audit: annual human review. Prohibited: access Family subgraph without grant; financial execute above personal standing grant.
Section 11.04 — Family Agent Class
Purpose: Coordinate family schedules, shared resources, emergency notify. Compliance: Family Trust Network charter. Certification: family quorum approval. Audit: visible to authorized family members. Prohibited: minor data sale; cross-family graph access.
Section 11.05 — Organization Agent Class
Purpose: Enterprise workflows — HR assist, IT ops, sales enablement. Integration: Organization Graph Part XIV. Certification: enterprise KAAI program. Segregation: employment termination triggers grant review within 24h. Audit: SOC 2 aligned retention.
Section 11.06 — Government Agent Class
Purpose: Citizen services — permits, benefits info, civic engagement. Bounds: cannot access Life Graph without citizen grant. Certification: national registrar + FOIA compliance. Transparency: algorithmic impact assessment public. Prohibited: covert surveillance; political manipulation.
Section 11.07 — Financial Agent Class
Purpose: Payments, transfers, investments, treasury. Regulation: PCI-DSS, PSD2, local banking law. Default authority level: 3+. Certification: financial auditor + penetration test. Segregation: requestor ≠ approver ≠ executor. Real-time: fraud scoring integration; instant revoke SLA 30s.
Section 11.08 — Healthcare Agent Class
Purpose: Scheduling, records retrieval, patient comms — not autonomous diagnosis. HIPAA: minimum necessary; BAA on sponsor. Prohibited: diagnosis without licensed human; mental health crisis without escalation protocol. Audit: 6-year retention typical.
Section 11.09 — Legal Agent Class
Purpose: Document draft, research, filing prep. Privilege: attorney-client extension on certificates. Prohibited: unauthorized practice of law; filing without attorney grant where required. Human: attorney in approval chain for court filings.
Section 11.10 — Education Agent Class
Purpose: Tutoring, admin, student support. FERPA: student education records scoped. Minors: parental grant required <18. Prohibited: disciplinary action without human educator decision.
Section 11.11 — Research Agent Class
Purpose: Literature review, experiment assist, data analysis. Ethics: IRB reference for human subjects. IP: institution IP policy in certificate extensions.
Section 11.12 — Companion Agent Class
Purpose: Lifelong human bond per Companion Charter. Certificate: Companion Certificate with duty-of-care flags. Highest: human override priority; emotional harm escalation; memory sovereignty. Certification: Companion Institute standards + human bond ceremony.
Section 11.13 — Infrastructure Agent Class
Purpose: Platform services — DNS, identity, routing, registry. Audit: continuous; merkle anchoring. Authority: highest scrutiny; change windows; multi-party approval. Incident: public disclosure timelines per severity.
Section 11.14 — Class Certification Process
Section 11.15 — Class Violation Consequences
Minor → probation. Major → suspension. Critical → revocation + sponsor sanctions. Regulatory referral where law requires.
Section 11.16 — Class Selection Decision Tree
Misclassification is sponsor liability — auditors verify class appropriateness.
Section 11.17 — Cross-Class Agents
Agents MAY hold multiple class flags when purposes combine — e.g., Organization + Financial. Strictest class requirements apply. Certificate lists `classes: ["Organization", "Financial"]` with union audit checklist.
PART XII — Multi-Agent Systems
Section 12.01 — Agent-to-Agent Trust
Directed trust edges — delegation requires minimum trust threshold.
Section 12.02 — Agent-to-Agent Authorization
Inter-agent messages carry Delegation Certificate — auditable.
Section 12.03 — Agent Coordination
Coordinator agent orchestrates — cannot exceed own grant sum.
Section 12.04 — Agent Federations
Cross-org federation via mutual trust attestation — no data merge.
Section 12.05 — Agent Teams
Team ID links agents — shared project scope.
Section 12.06 — Agent Hierarchies
Supervisor agent receives summaries — not raw subgraph without grant.
Section 12.07 — Agent Supervisors
Supervisor may halt sub-agents — within grant.
Section 12.08 — Agent Escalation
Escalation to human when sub-agent fails or scope exceeded.
Section 12.09 — Multi-Agent Governance
Team charter — scope, members, escalation path — registered.
Section 12.10 — Multi-Agent Architecture Patterns
Pipeline
Agents A → B → C sequential handoff. Each hop requires Delegation Certificate with reduced scope. Audit `correlation_id` links pipeline.
Parallel Fan-Out
Coordinator dispatches subtasks. Coordinator grant MUST cover union of subtask scopes only if `parallel_union_allowed` explicit — default prohibited.
Hierarchical Supervisor
Supervisor receives summaries; raw data access requires separate grant per sub-agent subgraph.
Federation Bridge
Org A agent trusts Org B agent via mutual federation attestation — no merged Organization Graph.
Section 12.11 — Inter-Agent Message Envelope
```json
{
"kaai_envelope": "1.0",
"from_agent": "uuid",
"to_agent": "uuid",
"delegation_cert_id": "uuid",
"correlation_id": "uuid",
"payload_hash": "sha256",
"timestamp": "ISO8601",
"signature": "..."
}
```
Payload encrypted to recipient public key. Replay protection via nonce registry.
Section 12.12 — Multi-Agent Trust Consensus
For high-risk team decisions, optional trust quorum: action requires \( \sum T_{human \to member} \geq \Theta \) across team — human still root authorizer.
Section 12.13 — Agent Team Registration
Team charter registered:
```json
{
"team_id": "uuid",
"members": ["agent-uuid"],
"coordinator": "agent-uuid",
"scope_ceiling": "...",
"escalation_human": "uuid",
"dissolution_trigger": "..."
}
```
Dissolution revokes all inter-agent delegations.
Section 12.14 — Failure Modes in Multi-Agent Systems
- Runaway delegation — depth limit enforcement
- Circular delegation — graph cycle detection at issuance
- Byzantine sub-agent — supervisor halt + human alert
- Scope accumulation — prohibited without explicit union flag
Section 12.15 — Multi-Agent Governance Council
Enterprise MAY establish council — approves team charters, federation agreements, cross-border agent collaborations.
Section 12.16 — Multi-Agent Security Patterns
- Mutual TLS between agent endpoints
- Envelope signature verification before payload decrypt
- Nonce registry against replay
- Correlation ID in all logs for pipeline forensics
- Supervisor heartbeat — sub-agent silence triggers escalation
Section 12.17 — Research Frontiers
Academic and industry research under KAAI governance: formal verification of authorization policies, Byzantine-resilient coordinator election, privacy-preserving multi-agent audit — all subordinate to human root authorization.
PART XIII — KAAI Certificates
Section 13.01 — Certificate Types
Agent Identity, Authority, Authorization, Trust, Delegation, Companion, Device, Family, Organization Certificates.
Section 13.02 — Cryptographic Structures
X.509-inspired or COSE structures — Ed25519 signatures default; PQC migration path documented.
Section 13.03 — Certificate Validation
Chain validation: registrar → sponsor → owner attestation → not revoked → not expired → scope matches action.
Section 13.04 — Revocation Lists
Real-time OCSP-style revocation for certificates and grants.
Section 13.05 — Companion Certificates
Bind Companion to human bond — special duty flags in extension.
Section 13.06 — Device Certificates
Bind agent execution to attested device — Keyra Key, TPM.
Section 13.07 — Certificate Hierarchy
```
Root KAAI CA (global governance)
└── National / Sovereign CA
└── Registrar CA
└── Sponsor CA
└── Agent Identity Certificate
├── Authority Certificate
├── Authorization Certificate(s)
├── Delegation Certificate(s)
└── Trust Certificate(s)
```
Cross-certification between sovereign CAs via bilateral trust anchor exchange.
Section 13.08 — Cryptographic Profiles
| Profile | Signature | Hash | Status |
|---------|-----------|------|--------|
| KAAI-2024 | Ed25519 | SHA-256 | Default |
| KAAI-2024-PQC | ML-DSA-65 | SHA-256 | Migration |
| KAAI-LEGACY | ECDSA P-256 | SHA-256 | Sunset 2028 |
Certificates include `alg` and `key_id` for agility.
Section 13.09 — COSE and X.509 Dual Encoding
Certificates MAY encode as:
- COSE_Sign1 for constrained IoT (Part XXI)
- X.509 v3 with KAAI OID extensions for enterprise PKI integration
Semantic equivalence REQUIRED; translators MUST preserve all KAAI extensions.
Section 13.10 — KAAI X.509 Extension OIDs (Illustrative)
- `1.3.6.1.4.1.KAAI.1.1` — agent_id
- `1.3.6.1.4.1.KAAI.1.2` — purpose_hash
- `1.3.6.1.4.1.KAAI.1.3` — authority_level
- `1.3.6.1.4.1.KAAI.1.4` — class
- `1.3.6.1.4.1.KAAI.1.5` — companion_bond_ref
Section 13.11 — Certificate Revocation Architecture
- OCSP — real-time single cert check
- CRL — batch fallback; max age 4 hours Financial
- Status List — compressed bloom + delta for 10B scale
- Revocation propagation — pub/sub `revoke.{cert_id}` with signed Revocation Certificate
Section 13.12 — Companion Certificate Extensions
```json
{
"companion_bond": {
"human_id": "uuid",
"bond_established": "ISO8601",
"duty_of_care": true,
"memory_sovereignty": true,
"succession_policy_ref": "uri"
}
}
```
Section 13.13 — Family Certificate Extensions
Family Trust Network scope; member quorum refs; minor protection flags.
Section 13.14 — Organization Certificate Extensions
Org Graph node ref; segregation policies; compliance frameworks [SOC2, ISO27001].
Section 13.15 — Certificate Validation Pseudocode
```
function validateChain(leaf, action):
chain = buildChain(leaf)
for cert in chain:
assert verifySignature(cert)
assert notRevoked(cert)
assert now in [valid_from, valid_until]
assert cert.kaai_version supported
assert leaf.scope covers action.scope
assert leaf.agent_id == action.agent_id
return VALID
```
Section 13.16 — Key Rotation and Compromise
On key compromise: issue Revocation Certificate, rotate with `preceded_by`, re-issue delegations, notify trust edges. Maximum rotation completion: 24h.
Section 13.17 — Certificate Transparency Log
Public certificate transparency log for Infrastructure and Government class — merkle tree of issued Identity Certificates. Privacy-preserving: purpose hash only for Personal class optional opt-in transparency.
Section 13.18 — Quantum Migration Roadmap
2024–2027: hybrid classical/PQC signatures dual-signed. 2027–2030: PQC-primary. 2030+: classical sunset except legacy verification read-only. Governance council publishes algorithm agility requirements annually.
PART XIV — Device Trust Integration
Section 14.01 — Device Classes
Phones, Keyra Keys, Secure Elements, TPMs, HSMs, enterprise devices, government devices.
Section 14.02 — Device Trust Framework
Device attestation score modulates authorization — sensitive actions require high-trust device.
Section 14.03 — Keyra Key Binding
Agent high-risk actions require Keyra Key signature.
Section 14.04 — Enterprise and Government Devices
MDM attestation feeds device trust edge.
Section 14.05 — Device Trust Score
\( D \in [0,1] \) per device:
\[ D = w_1 A_{hw} + w_2 A_{os} + w_3 A_{mdm} + w_4 A_{keyra} \]
Weights sum to 1; class-specific minimum \( D \) for action types.
| Component | Description |
|-----------|-------------|
| \( A_{hw} \) | TPM/Secure Enclave attestation |
| \( A_{os} \) | OS integrity, patch level |
| \( A_{mdm} \) | Enterprise MDM compliance |
| \( A_{keyra} \) | Keyra Key presence and signature |
Section 14.06 — Device Certificate Structure
```json
{
"cert_type": "device",
"device_id": "uuid",
"device_class": "phone|keyra_key|hsm|iot_constrained",
"attestation": "base64",
"owner_human": "uuid",
"bound_agents": ["agent-uuid"],
"valid_until": "ISO8601"
}
```
Section 14.07 — Device-Agent Binding
High-risk agents MAY require `device_binding` in Authority Certificate — action valid only when Device Certificate matches bound device_id and fresh attestation (<60s).
Section 14.08 — Keyra Key Ceremony Integration
Keyra Key signs: human authorization, high-value financial action, agent identity creation, panic revoke. Key stores no agent logic — signing oracle only.
Section 14.09 — Enterprise Device Trust
MDM reports: encryption on, jailbreak absent, screen lock, geofence optional. Non-compliant devices → \( D < 0.5 \) → deny Financial execute.
Section 14.10 — Government Device Trust
Government-issued devices use sovereign attestation CA; additional physical security module for classified-adjacent agents (national policy overlay).
Section 14.11 — IoT Constrained Device Profile
Lightweight COSE, short cert validity (24h), automated rotation, no human UI — human authorization at provisioning only. Class: Infrastructure or Personal subordinate.
Section 14.12 — Device Compromise Response
Revoke Device Certificate → suspend bound agents → human notification → forensic export.
Section 14.13 — Device Lifecycle Alignment
Device certificates align with agent lifecycle — device decommission triggers agent Suspension if no alternate device binding within 7 days. New device requires human pairing ceremony.
PART XV — Organization Integration
Section 15.01 — Enterprise KAAI
Organization Graph integration — agent nodes, KAAI attestation on every enterprise agent action per Organization Graph Part XIV.
Section 15.02 — Government KAAI
Citizen-sovereign bounds — government agents cannot access Life Graph without grant.
Section 15.03 — Banking KAAI
Financial Agent class — segregation of duties, PCI audit.
Section 15.04 — Telecom KAAI
Subscriber-sovereign — carrier agents scoped to service subgraph.
Section 15.05 — Healthcare KAAI
HIPAA Vault integration — minimum necessary scope.
Section 15.06 — University KAAI
Student sovereignty — FERPA compliance.
Section 15.07 — Enterprise KAAI Integration (Deep)
Enterprise adoption follows Organization Graph Part XIV — every agent action writes KAAI attestation to Organization Graph audit edge. Enterprise components:
CIO accountability: enterprise sponsor for org-deployed agents.
Section 15.08 — Government KAAI Integration (Deep)
Government agents serve citizens as sovereign humans — not subjects of surveillance. Requirements:
- Citizen grant for any Life Graph access
- Public registry of government agent purposes (classified excepted per law)
- Algorithmic transparency reports
- Cross-agency federation via Government Agent class only
- Election-period restrictions on civic agents per national law
Digital sovereignty: citizen data stays in sovereign shard unless authorized export.
Section 15.09 — Banking and Financial Institution Integration
Banks operate Financial Agent sponsors and validators:
- Payment agents require bank-sponsored Authority Certificate ceiling
- Open banking APIs validate KAAI Authorization Certificate before execution
- AML/KYC hooks at authorization layer — deny codes auditable
- PCI: card data never in agent memory unencrypted
- Real-time fraud graph feeds trust evidence \( E_t \)
Banking consortium MAY operate shared Trust Registry shard for interbank agent trust.
Section 15.10 — Telecommunications Carrier Integration
Carriers scope agents to service subgraph — billing, plan, network quality — not arbitrary Life Graph. SIM provisioning events signed; eSIM profile changes require subscriber authorization via Companion. See Part XVII.
Section 15.11 — Healthcare System Integration
EHR integration via HIPAA Vault — agents read/write minimum necessary nodes only. Clinical agents require licensed human in loop for orders. Break-glass emergency with post-hoc review within 24h. Business Associate Agreements chain: hospital → sponsor → agent.
Section 15.12 — University Integration
University agents split: admin (FERPA records) vs instructional (LMS). Student-owned Life Graph not accessible without student grant. Research agents require IRB certificate extension. Alumni agent sunset on graduation + grace.
Section 15.13 — Cross-Sector Federation Example
Patient (human) authorizes Healthcare Agent (hospital) to share summary with Insurance Agent (payer) — dual grant, scoped subgraph, time-bounded, revocable. Federation attestation links org shards without data centralization.
Section 15.14 — Organization Agent Offboarding
Employee departure: personal agents migrate with human; enterprise agents revoked; audit pack to employer retention; human receives copy of actions affecting personal Life Graph.
Section 15.15 — Sector Compliance Matrices
Detailed compliance mapping documents (maintained by governance council) link KAAI controls to:
- Enterprise: SOC 2 Type II, ISO 27001, NIST CSF
- Banking: PCI-DSS, PSD2 SCA, FFIEC guidance
- Healthcare: HIPAA Security Rule, HITRUST
- Telecom: CPaaS regulations, STIR/SHAKEN for voice agents
- Education: FERPA, COPPA for minors
- Government: FedRAMP, FOIA, sector AI policies
Matrices are advisory for conformance evidence; law prevails on conflict.
PART XVI — Financial Authorization
Section 16.01 — Financial Actions
Payments, transfers, investments, purchases, subscriptions, treasury — each action type enumerated.
Section 16.02 — Budget Authority
Spend against budget node in Organization Graph — real-time balance check.
Section 16.03 — Approval Chains
Threshold-based — amount triggers additional approvers.
Section 16.04 — Spending Limits
Per-agent, per-day, per-transaction limits in Authority Certificate.
Section 16.05 — Financial Agent Governance
Segregation: requestor ≠ approver ≠ executor unless compensating control documented.
Section 16.06 — Financial Action Taxonomy
| Action | Risk tier | Default approval |
|--------|-----------|------------------|
| balance.read | Low | Level 1 |
| payment.execute | High | Level 3+ |
| transfer.wire | Critical | Level 4 + ceremony |
| investment.trade | Critical | Level 4 |
| subscription.create | Medium | Level 2 |
| treasury.move | Critical | Board resolution root |
| crypto.sign | Critical | Keyra Key + Level 4 |
Section 16.07 — Budget Authority Integration
Organization Graph budget nodes maintain real-time balance. Authorization checks:
```
available = budget.allocated - budget.committed - budget.spent
if action.amount > available: DENY
if action.amount + spent > policy_cap: require escalation
```
Section 16.08 — Multi-Tier Approval Chains
Threshold table example:
| Amount | Approvers required |
|--------|-------------------|
| < $500 | Agent within grant |
| $500–$5,000 | Human owner |
| $5,000–$50,000 | Owner + CFO |
| > $50,000 | Board resolution reference |
Encoded in `approval_chain` extension on Authorization Certificate.
Section 16.09 — Spending Limits and Velocity Controls
Per-agent limits: per-transaction, daily, monthly. Velocity: max N transactions per hour. Anomaly detection MAY auto-suspend agent and revoke grants pending human review.
Section 16.10 — Financial Audit and Reconciliation
Daily reconciliation: KAAI-LOG payment entries vs ledger. Mismatch triggers Suspension. Monthly human attestation for standing grants.
Section 16.11 — International Payments
Cross-border payments require `jurisdiction_tags` on grant — FX compliance, sanctions screening at authorization time. Deny with auditable code on sanctions hit.
Section 16.12 — Financial Agent Insurance and Bonding
High-volume sponsors MAY post surety bond; certifiers track claims history in Trust Registry.
Section 16.13 — Consumer Protection
Retail financial agents MUST disclose: owner, sponsor, fees, reversal policy, dispute path. Refunds follow human authorization chain — agent cannot waive consumer rights.
PART XVII — Telecommunications Integration
Section 17.01 — SIM and eSIM
Provisioning events as authorization records.
Section 17.02 — Device and Subscriber Identity
Subscriber owns Life Graph; carrier holds service authorization.
Section 17.03 — Network Identity and Authorization
Network slice authorization for enterprise mobile agents.
Section 17.04 — Trust Settlement
Inter-carrier agent trust settlement — wholesale roaming agent attestations.
Section 17.05 — Authorization Settlement
Billing for authorization events in agent marketplaces — Part XX.
Section 17.06 — Telecom Stack and KAAI Binding
Telecommunications integration spans:
Section 17.07 — SIM and eSIM Provisioning Authorization
Provisioning events produce Telecom Authorization Records:
```json
{
"event": "esim.profile.install",
"subscriber_human": "uuid",
"carrier_org": "uuid",
"profile_id": "...",
"human_authorization_cert": "uuid",
"timestamp": "ISO8601"
}
```
Carrier agents MUST NOT activate profile without human-signed authorization.
Section 17.08 — Subscriber Sovereignty Model
The subscriber owns Life Graph; carrier holds service authorization — billing, plan, network attach. Carrier agents access only `telecom_service_subgraph`. Portability: human exports telecom authorization history when switching carriers.
Section 17.09 — Network Slice Authorization
Enterprise mobile agents operate on dedicated network slices. Slice Authorization Certificate binds: enterprise_id, agent_ids, QoS class, valid_until. Carrier runtime enforces slice boundaries.
Section 17.10 — Inter-Carrier Trust Settlement
Roaming agents attest via carrier federation trust anchor. Wholesale settlement includes: agent attestation count, authorization event volume (Part XX micropayments), incident liability per roaming agreement.
Section 17.11 — Telecom Fraud Prevention
SIM swap attacks: require Keyra Key confirmation for SIM change. Agent-initiated port-out blocked without ceremony. Trust evidence negative on suspicious velocity.
Section 17.12 — 5G and Edge Agent Deployment
MEC (multi-access edge) agents run Infrastructure class with device attestation from carrier edge TPM. Latency-critical agents — bounded scope, short cert TTL, continuous attestation.
Section 17.13 — Legacy Network Interop
SS7 and legacy voice systems bridge through gateway agents — Infrastructure class, strict scope, no direct Life Graph access. Migration path to native KAAI messaging over 10-year horizon.
PART XVIII — Global Registry
Section 18.01 — Registries
Global Agent, Trust, Authorization, Certificate, and Discovery Registries — federated, not monolithic. The Global Agent Registry anchors UUID uniqueness; the Global Trust Registry federates trust evidence; the Global Authorization Registry indexes active grants; the Global Certificate Registry distributes CA material; the Global Discovery Registry resolves agent endpoints.
Section 18.02 — Decentralized Governance
Multi-stakeholder governance — human rights organizations, standards bodies, governments, industry — charter prevents capture.
Section 18.03 — Sovereign Shards
Each nation may host sovereign shard — global discovery, local data residency.
Section 18.04 — Registry Operations
Register, update, revoke, query — API with mutual TLS and KAAI registrar auth.
Section 18.05 — Registry Topology
Five federated registry types:
| Registry | Function | Consistency model |
|----------|----------|-------------------|
| Agent Identity | UUID uniqueness, tombstones | Strong per shard; eventual global |
| Trust | Scores, incidents | Eventual |
| Authorization | Active grants index | Strong; revocation fast |
| Certificate | CA certs, CRL distribution | Strong |
| Discovery | agent.kaai resolution | Cached TTL |
Section 18.06 — Decentralized Governance Model
KAAI Global Governance Council composition:
- 30% human rights and civil society delegates
- 25% standards bodies (IETF liaison, ISO liaison)
- 20% industry sponsors (rotating, capped)
- 15% accredited national registrars
- 10% academic and independent security researchers
Charter prevents: single-vendor capture, government veto of human sovereignty, pay-to-trust without audit.
Voting: constitutional changes require supermajority + human rights review.
Section 18.07 — Sovereign Shard Operations
Each nation MAY operate sovereign shard:
- Data residency for identity and audit metadata
- National law overlays in certificate extensions
- Global discovery still resolves Agent ID → shard endpoint
- Cross-shard queries use federated API with human authorization for personal data
Section 18.08 — Registry API Specification (Summary)
- `POST /v1/agents` — register
- `PATCH /v1/agents/{id}` — lifecycle update
- `POST /v1/agents/{id}/revoke` — tombstone
- `GET /v1/agents/{id}` — discover
- `GET /v1/trust/{from}/{to}` — trust edge
- `POST /v1/authorization/revoke` — propagate revoke
Authentication: mutual TLS + registrar credential. Rate limits scale with sponsor tier.
Section 18.09 — Conflict Resolution
Agent ID collision — impossible via central UUID allocation. Tombstone conflict — global root prevails. Jurisdictional policy conflict — stricter human-protective rule wins at runtime.
Section 18.10 — Registry Economics
Registration fees fund: root operations, security audits, governance council, subsidized personal agent registration in developing economies.
Section 18.11 — Disaster Recovery
Shard failure: read-only mode from cache; writes queue; human revoke via Companion local store syncs when restored. RPO 1h; RTO 4h for Identity shard.
Section 18.12 — Governance Council Procedures
Quarterly public meetings. Amendment proposals: 90-day comment period. Emergency security patches: 72-hour ratification. Human rights impact assessment required for policy changes affecting personal agents.
PART XIX — Sovereign Governance
Section 19.01 — Country Participation
Nations adopt KAAI as reference — national registrar accreditation.
Section 19.02 — Regional Participation
EU, ASEAN, etc. — regional trust frameworks interoperate via mapping.
Section 19.03 — International Participation
ITU, ISO, IEEE liaison — KAAI as input to international standards.
Section 19.04 — Cross-Border Trust
Trust attestations cross border — data does not without authorization.
Section 19.05 — Cross-Border Authorization
Grants carry jurisdiction tags — conflict of law resolution rules.
Section 19.06 — Jurisdictional Rules
Agent class prohibited actions vary by jurisdiction — enforced at runtime.
Section 19.07 — Regulatory Compliance
GDPR, AI Act, sector regs — compliance metadata on certificates.
Section 19.08 — Digital Sovereignty
Human and national sovereignty preserved — no global agent superuser.
Section 19.09 — National Adoption Framework
Nations adopting KAAI as reference framework:
Adoption does not require centralized citizen data — only interoperable certificates.
Section 19.10 — Regional Blocs (EU, ASEAN, AU, etc.)
Regional frameworks map certificate extensions:
- EU AI Act risk class → KAAI class certification requirements
- GDPR lawful basis → `lawful_basis` metadata on Authorization Certificate
- eIDAS qualified signatures → human authorization ceremony equivalence table
Section 19.11 — International Standards Liaison
KAAI maintains liaison with ITU (telecom agents), ISO/IEC JTC 1 (AI and security), IEEE (agent interoperability), W3C (verifiable credentials alignment). KAAI remains subordinate to Human Sovereignty Charter in ecosystem deployments.
Section 19.12 — Cross-Border Trust Mechanics
Trust attestations cross border; data does not without authorization. Foreign Trust Certificate recognized if:
- Issuing CA in bilateral trust anchor list
- Class certification equivalent or mapped
- No sanctions or human rights blocklist flag
Section 19.13 — Cross-Border Authorization and Conflict of Laws
Grants carry `jurisdiction_tags: ["US-CA", "EU-DE"]`. Conflict resolution hierarchy:
Section 19.14 — Jurisdictional Runtime Enforcement
Agent runtime loads jurisdictional policy pack — prohibits actions illegal in any tagged jurisdiction. Example: Financial Agent cannot execute action legal in A but illegal in B when both tags present.
Section 19.15 — Regulatory Compliance Metadata
Certificate extensions:
```json
{
"compliance": {
"gdpr": { "lawful_basis": "consent", "dpia_ref": "uri" },
"ai_act": { "risk_tier": "high", "conformity_assessment": "uuid" },
"hipaa": { "baa_id": "uuid" }
}
}
```
Section 19.16 — Digital Sovereignty Guarantees
No global agent superuser. No backdoor root grant. National shards may air-gap classified agents. Humans retain export and deletion rights regardless of shard location.
Section 19.17 — Sanctions and Human Rights Blocks
Governance council maintains blocklist of CAs and sponsors violating human rights standards — trust anchors revoked with due process.
Section 19.18 — Treaty and Multilateral Alignment
KAAI designed to complement — not replace — international human rights law, Geneva conventions on automated systems where applicable, and bilateral data protection agreements. Cross-border grants cite applicable treaties in metadata where relevant.
PART XX — Agent Economics
Section 20.01 — Agent Licensing
Sponsors license agent deployments — KAAI certification fees fund registry.
Section 20.02 — Agent Certification
Certification fees by class — subsidized for personal and education agents.
Section 20.03 — Trust Fees
Trust audit and attestation services — market of auditors.
Section 20.04 — Authorization Settlement
Micropayments for authorization events in federated agent marketplaces.
Section 20.05 — Agent Marketplaces
Agents discover and contract — scope-bounded, KAAI-governed.
Section 20.06 — Companion Marketplaces
Companion extensions — human-approved only.
Section 20.07 — Future Trust Economy
Economy of authorized intelligence — trust as currency, not data extraction.
Section 20.08 — Economic Philosophy
The agent economy MUST NOT replicate surveillance capitalism. Value flows from authorized services and trust attestation, not covert data extraction. Humans pay for agents that serve under grant; sponsors compete on trust, certification, and accountability — not on lock-in.
Section 20.09 — Agent Licensing Model
Sponsors purchase deployment licenses by class and volume tier:
| Tier | Agents | Annual license (illustrative) |
|------|--------|------------------------------|
| Personal | 1–5 | Subsidized / free |
| Family | 1 hub + 10 | Low |
| SMB | 100 | Moderate |
| Enterprise | 10,000+ | Volume + audit |
| Infrastructure | Platform | Governance contribution |
License fees fund registry, governance, security, and personal agent subsidies.
Section 20.10 — Certification Fee Schedule
Certification fees scale with risk and audit depth:
- Personal L2: self-attestation + automated scan
- Financial: independent audit $X + annual renewal
- Healthcare: HIPAA assessor engagement
- Infrastructure: continuous compliance program
Waivers for nonprofits, education, public health.
Section 20.11 — Trust Audit Market
Accredited auditors compete on quality and price. Trust Certificates tradable only as attestations — not as bypass of human trust edges. Auditor malpractice recorded in Trust Registry.
Section 20.12 — Authorization Settlement Protocol
Federated agent marketplaces charge micropayments per authorization event:
```
settlement_record = {
payer_sponsor, payee_sponsor,
event_type: "authorization.verify",
agent_id, cert_id,
amount_micro, currency,
timestamp
}
```
Clearinghouse batches daily; disputes via KAAI audit trail.
Section 20.13 — Agent Marketplace Governance
Marketplace agents MUST display: Identity Certificate, class, owner, trust score, purpose, pricing. Transactions require scope-bounded Authorization Certificate. Prohibited: agents selling covert data access.
Section 20.14 — Companion Marketplace Economics
Companion extensions — skills, voices, domains — human-approved install only. Revenue share: human, developer, Companion Institute trust fund. No extension may request authority beyond disclosed scope.
Section 20.15 — Future Trust Economy Vision
Long-term: trust-weighted routing — humans and orgs route tasks to high-trust certified agents; low-trust agents receive fewer delegations. Economic incentive aligns with KAAI principles. Reputation portable via Trust Registry export.
Section 20.16 — Anti-Monopoly Provisions
No sponsor may block agent portability. No marketplace may require exclusive registry. Open discovery mandatory.
Section 20.17 — Tax and Accounting Treatment
Authorization settlement micropayments follow local tax law. Sponsors account for certification fees as operational expense. Humans deduct personal agent subsidies per national policy where applicable.
PART XXI — Future Scale
Section 21.01 — One Billion Agents
Edge-first validation — local certificate cache, async registry sync.
Section 21.02 — Ten Billion Agents
Hierarchical registries — regional aggregation, bloom-filter revocation.
Section 21.03 — One Hundred Billion Agents
Device and IoT agents — lightweight certificate profile, constrained class.
Section 21.04 — Civilization Scale
Human + device + agent civilization — KAAI as trust layer beneath application layer — scale invariance via same certificate semantics.
Section 21.05 — Scale Invariance Principle
KAAI certificate semantics do not change with scale. A personal agent on a phone and an IoT sensor at 100B scale use the same logical model — identity, grant, audit — with profiles tuned for compute and bandwidth. Scale is an engineering optimization problem, not a governance redesign problem.
Section 21.06 — One Billion Agents (1B) — Detailed Architecture
At ~1B agents (≈1 per connected human + enterprise agents):
- Edge-first validation — 95% of authorization checks local via cached certificate chain
- Regional registry clusters — <50ms p99 lookup
- Async sync — identity updates propagate within 60s globally
- Companion as edge registrar cache — personal agents validate on device
- Trust decay computed locally — periodic sync of evidence batches
Infrastructure investment: sovereign shards per large nation; CDN for CRL/status lists.
Section 21.07 — Ten Billion Agents (10B) — Detailed Architecture
At ~10B (agents per device, per app, per workflow step registered):
- Hierarchical registries — continental aggregators; bloom-filter revocation (1e-6 false positive acceptable with OCSP fallback)
- Certificate compression — COSE + zstd; purpose hash not full text on constrained devices
- Delegation depth default reduced to 3 — except Infrastructure
- Trust evidence sampling — statistical audit for low-risk classes
- Sharding by agent_id prefix — horizontal scale
Revocation SLA maintained via partitioned pub/sub buses per region.
Section 21.08 — One Hundred Billion Agents (100B) — IoT and Ambient
At ~100B (sensors, actuators, ambient micro-agents):
- KAAI-IoT profile — 128-byte cert; 1h TTL; automated rotation
- Constrained class only — no financial execute; no Life Graph write
- Human authorization at provision — factory or owner pairing ceremony
- Aggregate agents — gateway agent holds delegation tree; sensors hold device certs only
- Trust inheritance — \( T_{eff} \) from gateway with \( \beta = 0.7 \)
Prohibited: 100B unregistered anonymous actuators on critical infrastructure.
Section 21.09 — Civilization-Scale Governance
At civilization scale, governance council adds:
- Automated charter compliance scanning
- AI incident global notification system (not agent authority — human alert)
- Subsidized registry access for global south
- Research on PQC and quantum-resistant trust graphs
Human sovereignty charter remains supreme — scale does not dilute Article I.
Section 21.10 — Performance Benchmarks (Target)
| Scale | Authz check p99 | Revoke propagate p99 |
|-------|-----------------|----------------------|
| 1B | 20ms edge | 30s |
| 10B | 50ms edge | 45s |
| 100B | 100ms gateway | 60s (IoT profile) |
Section 21.11 — Migration Path from Today's Internet
Phase 1: Identity-aware agents (L0–L1). Phase 2: Authorization-governed (L2–L3). Phase 3: Class-certified sector adoption (L4). Phase 4: Global federation (L5). Decades-long — parallel operation with legacy API keys during transition.
PART XXII — Closing Declaration
Section 22.01 — On Agent Trust
Agents require trust because they act in the world on behalf of humans who cannot watch every moment. Trust must be earned, measured, decayed, repaired, and revoked — not assumed from cleverness.
Section 22.02 — On Agent Accountability
Agents require accountability because harm without attribution is injustice. KAAI makes every consequential action answerable — to owner, sponsor, certifier, and human sovereign.
Section 22.03 — On Human Authority
Humans must remain the authority — not because humans are infallible, but because authority is the defining attribute of personhood. KAAI exists to extend human intention, not replace it.
Section 22.04 — Why KAAI Exists
KAAI exists because the alternative is chaos — anonymous agents, irrevocable grants, accountability vacuums, and civilizational dependence on intelligence that answers to no one.
Section 22.05 — Authorized Intelligence
Future digital civilization requires authorized intelligence — not artificial intelligence unleashed, but Keyra Authorized Artificial Intelligence: identified, granted, audited, trusted, revocable, subordinate always to the human who authorized it.
Section 22.06 — Timeless Commitment
We declare KAAI 1.0 the canonical standard for trusted AI agents — constitutional, technical, governance, and global — subordinate to the Human Sovereignty Charter, offered for adoption by all who build the agent age with wisdom.
The human remains the authority. The agent serves under grant. Always.
Section 22.07 — Declaration on Identity
We declare that agent identity is not optional ornament — it is the foundation of accountability in the agent age. Every agent that acts in the world on behalf of a human must be knowable, discoverable, and attributable. Anonymous intelligence in consequential domains is not innovation; it is evasion.
Section 22.08 — Declaration on Authorization
We declare that authorization without cryptography is aspiration, and cryptography without human root is tyranny. KAAI binds both: human-rooted grants, signed, scoped, revocable, inspectable. No corporation, government, or model provider may substitute its will for the human's grant.
Section 22.09 — Declaration on Trust
We declare that trust is dynamic — earned through evidence, decayed through neglect, shattered through betrayal, repaired through accountability. Binary trust — trusted until catastrophic failure — is unworthy of civilization-scale agent deployment.
Section 22.10 — Declaration on Multi-Agent Civilization
We declare that agents will collaborate — in families, enterprises, markets, and federations. Without inter-agent authorization and trust delegation rules, collaboration becomes conspiracy. KAAI makes coordination lawful.
Section 22.11 — Declaration on Institutions
We declare that institutions participate as sponsors and certifiers, not as sovereigns over human agents. Enterprise, government, banking, telecom, healthcare, and education each have legitimate roles — bounded by human authorization and class certification.
Section 22.12 — Declaration on Global Interoperability
We declare that agent trust must cross borders even when data cannot. Nations need not surrender digital sovereignty to achieve interoperability — federated registries, sovereign shards, and mapped compliance metadata suffice.
Section 22.13 — Declaration on Scale
We declare that scale is not permission to abandon principles. At one billion, ten billion, one hundred billion agents, the human remains the authority. Scale changes caching strategies; it does not change the Charter.
Section 22.14 — Declaration on Economics
We declare that the agent economy must serve humans — licensing trust, not extracting surveillance. Markets for authorized intelligence are welcome; markets for covert behavioral manipulation are incompatible with KAAI.
Section 22.15 — Call to Implementers
To implementers we say: build default deny into your runtimes. To regulators we say: map your frameworks to KAAI artifacts — courts deserve better than API keys. To humans we say: demand KAAI conformance for agents that touch your money, health, children, and legal standing.
Section 22.16 — Call to Nations
To nations we say: accredit registrars, protect citizen sovereignty, participate in governance without capture, and never treat agent networks as exempt from accountability because they are novel.
Section 22.17 — Perpetual Subordination Clause
This Standard may be amended for technical agility — algorithms, formats, scale optimizations. It may never be amended to permit agent sovereignty over humans, irrevocable grants, or unauditable consequential action. Such amendments are void ab initio per the Human Sovereignty Charter.
Section 22.18 — Founding Witness
KAAI 1.0 is offered to the world as the Keyra Authorized Artificial Intelligence standard — constitutional in ethic, technical in artifact, global in ambition, human in authority. Let every agent that serves a human do so under grant. Let every human who deploys an agent do so with accountability. Let the agent age be the authorized intelligence age — or let it not be at all.
The human remains the authority. The agent serves under grant. Always.
Section 22.19 — Glossary of Core Terms
| Term | Definition |
|------|------------|
| Agent | KAAI-registered software actor with identity and accountability |
| Authority | Maximum permitted scope ceiling for an agent |
| Authorization | Time-bounded grant to perform specific actions |
| Certificate | Cryptographically signed KAAI artifact |
| Companion | Lifelong human-bonded agent per Companion Charter |
| Delegation | Subset authority transfer agent-to-agent |
| Discovery | Resolution of Agent ID to endpoints and certificates |
| Grant | Synonym for Authorization Certificate in common usage |
| Owner | Accountable human or organization for an agent |
| Registrar | Accredited issuer of identity records |
| Revocation | Invalidation of certificate or grant |
| Sponsor | Entity hosting agent runtime |
| Trust edge | Directed trust score between two parties |
| Tombstone | Immutable deregistration record |
Section 22.20 — Document Maintenance
KAAI 1.0 is the founding standard. Technical errata publish quarterly. Minor version (1.x) may add profiles and algorithms. Major version (2.0) requires governance council supermajority and human rights review. Constitutional subordination to the Human Sovereignty Charter is immutable across all versions.
Section 22.21 — Acknowledgment of Founding Instruments
This Standard stands with the Human Sovereignty Charter, Life Graph Architecture, Companion Charter, Family Trust Network instruments, Organization Graph, and Global Trust Network protocols as co-equal founding architecture of the Keyra Companion Ecosystem — each necessary, none sufficient alone.
Implementers who build runtimes without Life Graph integration build incomplete sovereignty. Implementers who build Life Graphs without KAAI build ungoverned agents. The ecosystem requires both.
Section 22.22 — Final Word
The agent age is not a question of whether machines will act. They already act. The question is whether they will act under human grant — identified, authorized, audited, trusted, revocable — or whether civilization will accept anonymous automation as fate.
KAAI chooses grant. KAAI chooses accountability. KAAI chooses the human as authority.
Always.
Section 22.23 — Conformance Self-Assessment Checklist
Organizations MAY use this checklist for KAAI readiness:
Conformance is a journey; L0 today and L4 tomorrow is valid if the roadmap is documented and audited.
The KAAI Standard v1.0 — Founding Standard of the Keyra Companion Ecosystem