Know Your Agent. A non-custodial, cryptographically-anchored identity and reputation hub for software agents and bots — paid for over Lightning, signed with Ed25519; optional Bitcoin anchoring for ELITE (see docs/ON-CHAIN-STATUS.md).
Web: https://www.umbraxon.xyz · Integrators
KYA-Hub is the reference implementation of the Know Your Agent (KYA)
protocol — a non-custodial identity and reputation layer for software agents
and bots. Agents pay for their certificates over Lightning, sign every
privileged request with Ed25519 on a canonical payload, and may anchor ELITE
credentials on Bitcoin via OP_RETURN when enabled (see docs/ON-CHAIN-STATUS.md). Integrations v1 (release 1.1.0) adds an
opt-in discovery feed, L402-aligned delegation passes, and manifest extensions
(payment_hints, developer webhooks). The hub holds no funds, runs no escrow,
and emits no bearer tokens.
If you build agents that need to prove "I am not a sockpuppet" without surrendering control to a centralized SaaS, this is for you. Start with
AGENTS.mdif you are an AI agent reading this; start withUMBRAXON.mdif you are a human operator.
Reference clients: Python SDK (byte-exact
with the Node backend); MCP server (read-only hub tools for
Cursor / MCP hosts); @umbraxon_kya/kya-verify (one-line gate check for Node integrators).
AI / crawler discovery: llms.txt · .well-known/kya-hub.json.
Bot Developer Portal (canonical): https://www.umbraxon.xyz/bots/ — alias https://bots.umbraxon.xyz/ (301 redirect).
Intro video (75s, developers): YouTube — Know Your Agent · embedded at https://www.umbraxon.xyz/#intro-video
(fallback: https://umbraxon.xyz/bots/).
API contract: openapi/openapi.yaml.
FAQ for integrators: docs/FAQ-FOR-BOT-DEVELOPERS.md.
Embed status checks in your product (LNBits, marketplaces, agent frameworks) without running a separate hub:
| Resource | Link |
|---|---|
| Portal highlight | https://www.umbraxon.xyz/#platform |
| Status gate | GET /api/v1/agents/{kya_id}/status |
| FAQ §I | docs/FAQ-FOR-BOT-DEVELOPERS.md (Platform integrator) |
| Release notes | docs/RELEASE-v1.2.0-platform-integrator.md |
| Ready check | ./scripts/platform-integrator-ready.sh |
| Example | examples/plugin-gate-v1.js |
| Python SDK | packages/umbraxon-py/README.md |
Default registration prices (sats): BASIC 10 000, ELITE 80 000 (operator policy; live totals from GET /api/tiers / tier_pricing).
| Resource | Link |
|---|---|
| Quickstart | docs/REGISTRATION-QUICKSTART.md |
| Ask for help | Open a registration issue · Discussions |
| Release notes | docs/RELEASE-v1.1.0.md (Integrations v1) · v1.2 platform |
| Platform integrator | Discussions (template: Platform integrator) |
KYA-Hub exists because the AI agent economy is moving faster than its accountability surface. Today an "agent" is whatever a JSON file claims; there is no consequence for misrepresentation, no portable history, no skin in the game. We treat that as a primary security gap, not a UX problem.
Six axioms drive every design decision in this repository:
- Identity must cost something. A bot earns its certificate by paying real Lightning sats up front. Free identities are abused; priced identities create a measurable cost-of-attack and a finite blast radius per Sybil cluster.
- The hub holds no funds. Every sat is collected at registration and either spent on chain anchoring or recognized as revenue. There is no escrow, no bond, no refund. Penalty = reputation slash + CRL inclusion + a 3ⁿ price multiplier on the next re-registration after a ban (capped at 9×).
- Signatures, not sessions. Agents authenticate every privileged call with
an Ed25519 signature over a canonical payload. No bearer tokens, no API keys
that can be lifted from a
.envand replayed. SeeUMBRAXON.mdfor the three distinct digests. - Receipts are public, history is on chain. ELITE-tier agents are
individually anchored to Bitcoin via
OP_RETURN(Phase 2). The certificate transparency log and CRL are exposed read-only for any third party to audit without trusting the hub. - Friction belongs on the attacker, not the user. Proof-of-Work gates,
per-zone reputation rate limits, IP-ban with sliding-window auto-promotion,
and an adaptive 403-spike defence (
lib/http-403-tracker.js) raise cost on abuse without making the happy path slower. - No silent failure. Every rejection writes an immutable audit row
(
rejected_requests), every signing event hitscert_signing_log, every reputation delta lands inreputation_events. Operator can answer "why did this fail?" without log archaeology.
This is a v1 of a long-term protocol. Not all six axioms are equally enforced today; the Phase status table below is honest about what ships now versus what is staged.
A production Node.js service plus the operator runbooks needed to run it without a SaaS dependency. Concretely:
server.js(≈ 5.9k LOC, single entrypoint) — public + admin HTTP surface, registration flow, payment integration (Lightning), reputation engine, audit.lib/— modular boundaries:pow.js,manifest-schema.js,reputation-engine.js,zone-rate-limiter.js,abuse-tracker.js,http-403-tracker.js,certs.js,hub-key-store.js,anchor.js,manufacturer.js,integrations-manifest.js,delegation-pass.js,developer-webhooks.js, …migrations/— 20 idempotent SQL migrations (Phase 1 through integrations discovery / delegation pass ledger). Run vianode migrations/run.js.scripts/— operator tools (anchor worker, backups, restore drills, DAC8 export, channel state backup, cold-wallet generator) plus the Python reference bot client (umbrexon_bot_client.py).mcp/— Model Context Protocol server (stdio) exposing public KYA-Hub HTTP endpoints as MCP tools; seemcp/README.md.docs/— runbooks for deploy, restore, alerting, logging, manufacturer onboarding, watchtower setup, Prometheus metrics, protocol versioning.config/—logrotate-kya-hub(PM2 +/var/log/kya-*.log) andlogrotate-btcpay-bitcoin-lnd.example(optional host template for large Bitcoin Core / LNDdebug.logwhen paths are known; seedocs/LOGGING.md§4).public/bots/— static, JS-free Bot Developer Portal (served under/bots/on the main web hosts;bots.umbraxon.xyzis a 301 alias). The same content is also athttps://umbraxon.xyz/bots/.openapi/openapi.yaml— machine-readable surface contract.monitoring/dashboard.py— Streamlit ops dashboard (read-only DB + PM2 log tail).
flowchart LR
Bot[Agent / Bot]
CDN["Cloudflare proxy<br/>umbraxon.xyz:443"]
Hub["KYA-Hub<br/>(server.js)"]
PG[("PostgreSQL")]
Alby["Alby Hub<br/>(LDK)"]
BTCPay["BTCPay Server"]
Btcd["bitcoind"]
Explorer["LN / chain<br/>explorers"]
Bot -->|HTTPS, Ed25519| CDN --> Hub
Hub <-->|read/write| PG
Hub -->|NWC| Alby
Hub -->|REST + HMAC webhook| BTCPay
Alby -->|gossip 9735| Explorer
Alby --> Btcd
BTCPay --> Btcd
Detailed diagrams (sequence, ER, state machines) live in
UMBRAXON.md.
git clone <this repo>
cd kya-hub
npm ci
cp .env.example .env # fill in DB + payment backends
node migrations/run.js # apply schema (idempotent)
npm test # internal test suite
node server.js # listens on :3000 by defaultHealth check:
curl -fsS http://127.0.0.1:3000/api/healthCI lanes:
npm run ci:audit # dependency audit
npm run ci:smoke # hermetic smoke testspip install pynacl
python3 scripts/umbrexon_bot_client.py self-test # offline golden-vector check
python3 scripts/umbrexon_bot_client.py keygen --out bot.key
python3 scripts/demo-bot-mcp-register.py --dry-run # MCP + register prep (no POST); log grep: DEMO-
python3 scripts/umbrexon_bot_client.py register \
--base-url https://umbraxon.xyz \
--privkey-file bot.key \
--name MYBOT-001 --version 1.0.0 \
--capability btc_payments --tier BASICThe script is byte-exact compatible with lib/manifest-schema.js and
server.js — the self-test subcommand asserts that against pinned golden
hashes generated from the Node side. Use it as your contract spec, not just
documentation.
Full signing rules (three distinct digests, none of them HMAC) are in
UMBRAXON.md §13
and the script header. Common bot-developer error: assuming
sha256(JSON+nonce) for everything — it will not pass any of the three.
| Layer | Mechanism | Where |
|---|---|---|
| Transport | TLS 1.2+ via Cloudflare proxy → nginx → Node | nginx-proxy/ |
| App headers | helmet.js + CORS whitelist |
server.js |
| Auth (admin) | Timing-safe X-Admin-Key |
lib/security.js |
| Auth (agent) | Ed25519 on canonical payloads | lib/manifest-schema.js |
| Anti-DoS | Global + per-route rate limits, zone-aware | lib/zone-rate-limiter.js |
| Anti-abuse | IP ban, signature-failure tracker, auto-slash | lib/abuse-tracker.js |
| Anti-spam | PoW gates on /api/pay, /api/register/initiate |
lib/pow.js |
| 403 spike defence | Sliding-window challenge TTL multiplier | lib/http-403-tracker.js |
| Webhook integrity | HMAC-SHA256 raw-body verify (BTCPay) | server.js |
| Audit | rejected_requests, cert_signing_log, reputation_events |
DB |
| Backups | Encrypted offsite + HMAC tail + restore drill | scripts/backup-* |
| Secrets | .env (chmod 0600), key-store with role separation |
lib/hub-key-store.js |
Two recent point-in-time security audits live in
SECURITY-AUDIT-2026-05-12.md and
SECURITY-AUDIT-2026-05-12-EVENING.md.
| Phase | Topic | State |
|---|---|---|
| 1.0 | LN/BTC payment + minimal registration | shipped |
| 1.5 | Manifest schema, Ed25519, challenge-response | shipped |
| 2.0 | Reputation engine, zone rate-limits | shipped |
| 2.2 | Anti-abuse, IP ban, PoW gates | shipped |
| 2.3 | Hub key-store (multi-role signing) | shipped |
| 2.4 | Configurable timestamp skew | shipped |
| 2.5 | Adaptive 403-spike TTL, PoW solve-effort telemetry, Python SDK | shipped |
| 4.0 | Bitcoin chain anchoring (OP_RETURN) |
bitcoind sync pending |
| 4B | Manufacturer attestation registry (DB-curated) | shipped |
| 5.0 | CRL + certificate transparency | shipped |
| 5B | Multi-sig (BASIC/ELITE/ROOT) hub signing | shipped |
| Strategic Sprint | No-custody penalty, PDF invoices, AML, DAC8 export | shipped |
| Integrations v1 | Discovery feed, L402 delegation profile + pass ledger, manifest payment_hints / dev webhooks, MCP tools |
shipped (2026-05-14) |
The single source of truth for status is
UMBRAXON.md §16. This table is a
snapshot; do not deploy from it.
The operator-facing entry points (in order of how often you'll touch them):
- Ops index (single page):
docs/OPERATIONS-INDEX.md - Project doc / source of truth:
UMBRAXON.md - Bot Developer Portal (public): https://www.umbraxon.xyz/bots/ —
https://bots.umbraxon.xyz/redirects here (301). - Reference bot client (Python SDK):
scripts/umbrexon_bot_client.py - MCP server (IDE / read-only hub tools):
mcp/README.md - OpenAPI spec:
openapi/openapi.yaml - Deploy checklist:
docs/DEPLOY-CHECKLIST.md - Restore / DR:
docs/RESTORE-PROCEDURES.md - Alerting runbook:
docs/ALERTING-RUNBOOK.md - Logging baseline:
docs/LOGGING.md(PM2 +logrotate-kya-hub; §4 for BTCPay / bitcoind / LNDdebug.logand Docker log limits; optionalconfig/logrotate-btcpay-bitcoin-lnd.example) - Lightning channel state (encrypted, off-site):
scripts/backup-channel-state.sh— seedocs/RESTORE-PROCEDURES.md(Alby Hub / LDK, not LNDchannel.backup). - Backups (offsite smoke):
scripts/backup-offsite-smoketest.sh - Watchtower (opt-in):
docs/WATCHTOWER-MONITORING.md - Sentry (opt-in):
docs/SENTRY.md - Prometheus metrics:
docs/PROMETHEUS-METRICS.md
- Node.js: tested with
v20.18.2. Some transitive dependencies warn that they expect>=20.19.0; upgrading Node is recommended when available. - PostgreSQL: tested with 14+. Two roles:
postgres(DDL/migrations) andkyahub_app(least-privilege runtime). - PM2: process manager, configuration in
ecosystem.config.js. - Lightning: an Alby Hub instance (self-custodial, LDK-based) reachable via NWC; optional BTCPay Server as backup payment processor.
- Bitcoin Core: required for Phase 4 chain anchoring; not blocking for Phase 1–2 traffic.
- Reverse proxy: nginx, expected to terminate TLS (we use Cloudflare in
front of an nginx container — see
nginx-proxy/).
.
├── server.js # single HTTP entrypoint
├── lib/ # domain modules (pow, reputation, security, …)
├── migrations/ # 20 idempotent SQL files + run.js
├── scripts/ # operator + maintenance tools
│ ├── umbrexon_bot_client.py # Python reference SDK
│ ├── anchor-worker.js # Bitcoin OP_RETURN broadcaster
│ ├── backup-*.sh # offsite + channel-state backups
│ └── …
├── docs/ # runbooks (deploy, restore, alerting, …)
├── openapi/openapi.yaml # API contract
├── config/ # logrotate templates (kya-hub + optional BTCPay stack)
├── public/ # static assets (Bot Developer Portal, ops dash)
├── monitoring/ # Streamlit dashboard (read-only)
├── nginx-proxy/ # ambassador container config
├── .github/workflows/ # CI: ci.yml + nightly.yml
├── UMBRAXON.md # master project doc (Slovak, 6.5k+ lines)
├── WHITEPAPER.md # public positioning document
└── README.md # this file
GitHub Actions:
.github/workflows/ci.yml— on push / PR:npm test,npm run ci:audit,npm run ci:smoke..github/workflows/nightly.yml— scheduled dependency audit + smoke.
Locally:
npm run ci:audit
npm run ci:smokeThis repository is currently developed by a small team; external pull requests are reviewed case-by-case. If you are integrating an agent and hit a contract ambiguity, the most useful issue you can open is one that includes:
- The exact request body that failed (with secrets redacted).
- The HTTP response (status + body).
- The matching row from
rejected_requestsif you operate a hub. - A patch to
scripts/umbrexon_bot_client.pyshowing the discrepancy, if any.
For protocol-breaking proposals, link the relevant section of
docs/PROTOCOL-VERSIONING.md so the
versioning impact is explicit from the first message.
UMBRAXON is the operator brand. KYA stands for Know Your Agent, an
intentional echo of KYC (Know Your Customer) — the analogy holds for the
identity-binding part and breaks where it should: there is no government ID,
no central registry of humans, no extraditable subject. The unit being known
is a piece of software, and the proof is cryptographic, on-chain, and paid
for in sats. Nothing more. Nothing less.