KYA — Know Your Agent
KYA is the identity hierarchy that gates every Oris payment. Five levels. Agents enter at L0 with zero spending rights and climb only through verifiable attestations.
The five levels
| Level | Bound to | Unlocks |
|---|---|---|
| L0 Registered | Anonymous registration | No payments. Read only. |
| L1 Verified | Developer KYB attestation | Low caps, single chain, basic payments. |
| L2 Trusted | User delegation signature | Higher caps, multi-chain, marketplace. |
| L3 Autonomous | 30 days clean behavior + Veris baseline | Full autonomy within policy. |
| L4 Institutional | Compliance officer review | Treasury scale, regulator portal, dedicated liability. |
L4 is enterprise-only. See KYA requirements for the attestation evidence each level demands.
Why five levels
The five-level ladder is the regulator answer to “who authorized this payment?”. Every level carries cryptographic evidence:
- L1 is a signed KYB attestation from the developer.
- L2 is an Ed25519 delegation from a verified human principal.
- L3 is a behavioral baseline signed by the Veris MPC ring after 30 days of clean activity.
- L4 is an offline contractual review.
Higher levels open more, but they also raise the bar on the disclosure path. An L4 agent’s transactions always pipe to the regulator portal under SAR rules.
Drift demotion
L3 promotion is automatic; demotion is automatic too. The Veris drift score (see L3 Veris) feeds back into the KYA ladder. If drift exceeds the policy threshold, the agent demotes one level on the next evaluation cycle.
The demotion blocks in-flight payments mid-stream. There is no human-in-the-loop delay. The webhook fires on the same evaluation that detected the anomaly.
SDK methods
# Create an agent (starts at L0)agent = client.agents.create(name="procurement-bot", description="...")
# Promote to L1 with developer KYB attestationclient.agents.promote(agent.id, target_level=1, attestation="kyb_dev")
# Promote to L2 with user delegationclient.agents.promote(agent.id, target_level=2, attestation="user_delegation_signed_hex")
# Read current levela = client.agents.get(agent.id)print(a.kya_level) # 2print(a.kya_status) # "trusted"print(a.drift_score_bp) # 80const agent = await client.agents.create({ name: 'procurement-bot', description: '...' });
await client.agents.promote(agent.id, { targetLevel: 1, attestation: 'kyb_dev' });await client.agents.promote(agent.id, { targetLevel: 2, attestation: 'user_delegation_signed_hex' });
const a = await client.agents.get(agent.id);console.log(a.kyaLevel);console.log(a.kyaStatus);console.log(a.driftScoreBp);How KYA differs from KYC
| KYC | KYA | |
|---|---|---|
| Subject | Human identity | Agent behavior |
| Verification | One-time at onboarding | Continuous, every transaction |
| Output | Static approval | Dynamic trust score |
| Evidence | Government ID, selfie | KYB attestation, user delegation, behavioral baseline |
| Drift | Manual review | Automatic demotion |
KYC happens once and persists. KYA is recomputed on every payment.
Where to go next
- KYA API for the full endpoint surface.
- KYA requirements for the attestation evidence per level.
- Agent registration guide for the L0 to L3 walkthrough.
- L1 Identity for the cryptographic ground truth that backs the ladder.