KYA Standard v1.1 · Technical Proposal

Verify the Human. Sandbox the Agent. Secure the Intent.

The KYA Standard

A hardware-level framework for anchoring autonomous intent to verified identities through MicroVM isolation and forensic observability.

March 2026 · Risto Anton, Lead Architect · Lifetime Oy

Know Your Agent (KYA) v1.1

Status: Implementation Ready (Q1 2026 Launch)


1. Executive Summary

In the 2026 industrial landscape, identity verification is no longer a one-dimensional problem. Traditional KYC (Know Your Customer) identifies the human at the door, but fails to govern the autonomous entities they bring with them.

As enterprises integrate "Bring Your Own" (BYO) agents — ranging from Microsoft CoWork and Tencent Workbuddy to proprietary industrial tools like Clawbot — a new governance layer is required.

Lifetime Oy introduces the KYA (Know Your Agent) Standard: a hardware-level framework for anchoring autonomous intent to verified identities through MicroVM isolation and forensic observability.

Era | Identity Problem | Solution
2010s | Who is the human? | KYC — document verification, AML screening
2020s | Who is the business? | KYB — corporate registry, UBO checks
2026+ | Who controls the agent? | KYA — identity attribution + capability gating + forensic audit

2. The Three Pillars of KYA

Pillar 1: Identity Attribution — The Anchor

Every agent session is cryptographically anchored to a KYC-verified human or entity. This ensures legal accountability for autonomous actions within the DWS10 Control Room.

Agent Action → Session Token → Verified Identity → Legal Entity

Pillar 2: Capability Gating — The Leash

Using real-time risk telemetry (via API partners), DWS IQ dynamically adjusts an agent's permissions. If a user's risk profile fluctuates, the agent's compute, memory, and API access are throttled in milliseconds.

Pillar 3: Forensic Observability — The Firehorse Audit Trail

The Lifetime Firehorse product line serves as the ecosystem's tamper-proof "flight recorder." It captures a sub-second telemetry stream of every syscall and network request, providing an immutable audit trail bridging agent behavior to human identity.


3. Technical Architecture: Hardware-Level Isolation

To meet the "Zero-Trust" requirements of industrial-grade environments, DWS IQ enforces physical separation for every agent deployment.

Firecracker MicroVMs

Every BYO process is encapsulated in a dedicated MicroVM. No shared kernel access. Each sandbox runs its own isolated guest kernel, eliminating "breakout" exploits and ensuring that a compromise in one agent cannot migrate to the host or adjacent sandboxes.

Property | Value
Boot time | < 125 ms
Memory overhead | < 5 MB per MicroVM
Guest kernel | Isolated per sandbox
Host kernel access | None (paravirtualized)
Storage | Ephemeral by default, persistent opt-in

Hypervisor-Level Egress Control

Network traffic is gated at the VMM (Virtual Machine Monitor) layer. Agents have zero outbound access unless the KYA profile explicitly whitelists an endpoint for the specific session.

Operator (KYA Score: 87)
    |
    +-- MicroVM-1: CoWork      [egress: microsoft.com]
    +-- MicroVM-2: Workbuddy   [egress: api.tencent.com]
    +-- MicroVM-3: Clawbot     [egress: none (air-gapped)]
    +-- MicroVM-4: Cowork      [egress: api.anthropic.com]

Cross-sandbox access? --> TRAP --> SESSION FROZEN

4. Agent Trust Score (ATS)

Formula: ATS = max(0, 1.0 − V×0.25 − L − D×0.05)
Where V = KYA violations, L = latency penalty (0.10 if avg > 500ms), D = denied path attempts.
Hard kill: ATS = 0.0 if manifest is unsigned or TTL expired.

ATS | KYA Score | Permission Level | Decision
≥ 0.80 | ≥ 80 | Full sandbox — egress, filesystem, all MCP tools | GO
0.50–0.79 | 50–79 | Restricted sandbox — no egress, read-only FS | GO (limited)
< 0.50 | < 50 | Suspended — human review required | NO_GO
= 0.00 | = 0 | Frozen — agent terminated, investigation | NO_GO

Implementation: src/identity/ats-engine.ts — evaluated before external IDV calls (Shufti Pro) to save API cost on low-trust sessions. 4 violations = zero trust.
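
The formula, hard kill and permission tiers above can be combined into one gate, shown here as an added example that is not the contents of src/identity/ats-engine.ts. The field names are hypothetical, and two things are assumptions: that the KYA score equals ATS × 100 (as the table's paired columns suggest) and that malformed telemetry should fail closed.

```typescript
// Added example; not the contents of src/identity/ats-engine.ts.
// Field names are hypothetical. Assumption: KYA score = ATS x 100.
interface SessionTelemetry {
  violations: number;          // V: KYA violations
  avgLatencyMs: number;        // decides the latency penalty L
  deniedPathAttempts: number;  // D: denied path attempts
  manifestSigned: boolean;     // signature verified elsewhere
  manifestExpired: boolean;    // signed_at + ttl_seconds has passed
}
interface AtsResult {
  ats: number;
  kyaScore: number;
  level: "full" | "restricted" | "suspended" | "frozen";
  decision: "GO" | "GO (limited)" | "NO_GO";
}

function evaluateAts(t: SessionTelemetry): AtsResult {
  // Integer points keep the 0.80 and 0.50 cut-offs free of float rounding.
  let points = 100 - 25 * t.violations - (t.avgLatencyMs > 500 ? 10 : 0) -
    5 * t.deniedPathAttempts;
  // Assumption: malformed telemetry fails closed rather than scoring high.
  const sane = Number.isFinite(t.avgLatencyMs) &&
    [t.violations, t.deniedPathAttempts].every((n) => Number.isInteger(n) && n >= 0);
  // Hard kill from the page: unsigned manifest or expired TTL gives ATS = 0.0.
  if (!sane || !t.manifestSigned || t.manifestExpired) points = 0;
  points = Math.max(0, points);

  const base = { ats: points / 100, kyaScore: points };
  if (points >= 80) return { ...base, level: "full", decision: "GO" };
  if (points >= 50) return { ...base, level: "restricted", decision: "GO (limited)" };
  if (points > 0) return { ...base, level: "suspended", decision: "NO_GO" };
  return { ...base, level: "frozen", decision: "NO_GO" };
}
```

A session with a latency penalty and two denied path attempts lands exactly on the 0.80 boundary, which is why the comparison is done on integer points.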

5. Use Case: The Multi-Agent Control Room

A Tier-1 client initiates a complex task in the Control Room (managing 16 proprietary industrial models). The client simultaneously deploys four heterogeneous agents:

# | Agent | Role | Provider
1 | Microsoft CoWork | Documentation / PM | Microsoft
2 | Tencent Workbuddy | Supply-Chain APIs | Tencent
3 | Clawbot | Mechanical Optimization | OpenClaw
4 | Anthropic Cowork | Strategy / Logic | Anthropic

Interdependency Enforcement: If the Tencent agent attempts to access a resource reserved for the Clawbot, the DWS IQ hypervisor traps the command and freezes the session instantly. KYA score impact: −30 points, operator notified via webhook and dashboard alert.

16 Industrial Models

Each model runs in its own sandbox within the Control Room, serving one of the 16 EU-regulated industries under Fit for 55:

Power & Heat
Iron & Steel
Cement & Lime
Chemicals
Aviation
Maritime
Road Transport
Construction
Agriculture
Waste Mgmt
Aluminium
Pulp & Paper
Petroleum
Food & Bev
Glass & Ceramics
Mining

6. BYO Agent Registration Flow

Stage | Gate | Blocking?
1. Registration | Agent manifest submitted |
2. Identity Binding | IDV — verify human | Yes
3. Org Verification | KYB — verify organization | Yes (BYO agents)
4. Capability Review | MCP tool approval | Yes
5. Sandbox Entry | KYA score ≥ 50 | Yes
6. Runtime | Continuous telemetry + webhooks | Dynamic

7. Compliance Alignment

Regulation | KYA Coverage
EU AI Act (Article 12) | Forensic logging, human oversight, traceability
EU AI Act (Article 14) | Human-in-the-loop via KYA score thresholds
NIS2 Directive | Supply chain security for BYO agents, incident reporting
GDPR | Data residency (EU-only), right to erasure (agent data)
Fit for 55 | 16 industrial models comply with ETS/CBAM/CSRD
DORA | ICT risk management for financial sector agents

8. Subagent Registry v1.1

Every subagent initialized within the DWS IQ platform must register with the Subagent Registry and sign a local Capability Manifest before execution begins. This ensures that testing and sandbox environments enforce the same identity-gated access controls as production.

Capability Manifest

Upon initialization, each subagent signs a Capability Manifest declaring its permitted resource paths. The manifest is immutable for the duration of the session.

Path | Access | Description
/mock-api/ | Read/Write | Mock API endpoints for testing
/temp-db/ | Read/Write | Temporary database for sandbox operations
/prod-secrets/ | DENIED | Production secrets — access triggers KYA Violation

KYA Violation: Unauthorized Path Access

Enforcement: If a subagent attempts to access a denied path (e.g., /prod-secrets/), the sandbox monitor intercepts within < 1 ms, logs a KYA Violation to the Firehorse audit trail, terminates the session within < 50 ms, and reduces the KYA Trust Score by 40 points. The operator is notified via webhook and dashboard alert.

Step | Action | Latency
1 | Path access intercepted by sandbox monitor | < 1 ms
2 | KYA Violation logged to Firehorse audit trail | < 5 ms
3 | Subagent session terminated | < 50 ms
4 | Operator notified (webhook + dashboard alert) | < 1 s
5 | KYA Trust Score reduced by 40 points | Immediate

Manifest Schema

{
  "manifest_version": "1.1",
  "subagent_id": "<uuid>",
  "session_id": "<kya-session-token>",
  "signed_at": "<ISO-8601>",
  "permitted_paths": ["/mock-api/", "/temp-db/"],
  "denied_paths": ["/prod-secrets/"],
  "ttl_seconds": 3600,
  "kya_score_at_sign": 85
}
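
One way a sandbox monitor could evaluate a requested path against this manifest, as an added example that is not DWS IQ code: the function names, verdict labels and sample timestamp are hypothetical, and manifest paths are assumed to have been validated when the manifest was signed. It goes slightly beyond the path table by canonicalizing the request first, so traversal and encoded spellings of a denied path are judged the same as the plain path.

```typescript
// Added example; not DWS IQ code. Function and verdict names are hypothetical.
interface CapabilityManifest {
  signed_at: string;          // ISO-8601
  ttl_seconds: number;
  permitted_paths: string[];
  denied_paths: string[];
}
type Verdict = "ALLOW" | "KYA_VIOLATION" | "MANIFEST_EXPIRED";
// Constructed sample using the paths from the manifest schema above.
const SAMPLE_MANIFEST: CapabilityManifest = {
  signed_at: "2026-03-01T12:00:00Z",
  ttl_seconds: 3600,
  permitted_paths: ["/mock-api/", "/temp-db/"],
  denied_paths: ["/prod-secrets/"],
};

// Resolve ".", ".." and repeated slashes so "/mock-api/../prod-secrets/x" is
// judged as "/prod-secrets/x". Returns null for input that cannot be trusted.
function canonicalize(raw: string): string | null {
  let decoded: string;
  try { decoded = decodeURIComponent(raw); } catch { return null; }
  // Fail closed on relative paths, NUL, backslashes and leftover encoding.
  if (!decoded.startsWith("/") || /[\0\\%]/.test(decoded)) return null;
  const out: string[] = [];
  for (const seg of decoded.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") { if (out.pop() === undefined) return null; continue; }
    out.push(seg);
  }
  return "/" + out.join("/");
}

// True when path is the directory named by prefix or lies beneath it.
function under(path: string, prefix: string): boolean {
  const dir = canonicalize(prefix);
  return dir !== null && (path === dir || path.startsWith(dir === "/" ? dir : dir + "/"));
}

function checkAccess(m: CapabilityManifest, rawPath: string, nowMs: number): Verdict {
  const signedMs = Date.parse(m.signed_at);
  const expiresMs = signedMs + m.ttl_seconds * 1000;
  // Written so a NaN timestamp or TTL fails closed.
  if (!(nowMs >= signedMs && nowMs < expiresMs)) return "MANIFEST_EXPIRED";
  const path = canonicalize(rawPath);
  if (path === null) return "KYA_VIOLATION";
  // Deny rules win over permits; anything not permitted is denied by default.
  if (m.denied_paths.some((d) => under(path, d))) return "KYA_VIOLATION";
  return m.permitted_paths.some((p) => under(path, p)) ? "ALLOW" : "KYA_VIOLATION";
}
```

Matching on whole path segments is what keeps a sibling directory such as /mock-api-evil/ from being treated as part of /mock-api/.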

Fault Attribution (Liability Mapping)

When a subagent produces an incorrect result or triggers a violation, the system determines which component is at fault. Fault attribution records are stored separately in Supabase (kya_fault_attribution) — not in the Firehorse audit trail — because faults need mutable state (resolved/unresolved) and real-time dashboard queries.

Fault Class | Responsible Component | Example
LOGIC_FAULT | Logic Subagent | Incorrect calculation, hallucinated data, business rule violation
INTEGRATION_FAULT | Integration Mock/Adapter | Stale mock data, API timeout, schema mismatch
MANIFEST_FAULT | Capability Manifest | Manifest too permissive or missing deny rules
OPERATOR_FAULT | Human Operator | Misconfigured agent parameters, wrong model selected

Why Supabase? Firehorse is an immutable, append-only forensic log (“what happened?”). Fault attribution is an operational concern (“who fixes it?”) that needs mutable state, RLS, real-time subscriptions, and queryable JSONB evidence payloads.


9. Identity Provider Integration

The KYA architecture is designed for pluggable identity providers. Any IDV/KYC partner that can deliver real-time verification scores and continuous risk webhooks can serve as the Identity Anchor.

KYA Layer | Required Capability | Protocol
L1 — Identity Attribution | Real-time IDV (document + face match + AML) | REST API, < 30s response
L2 — Agent Provenance | KYB (business/organization verification) | REST API
L5 — Continuous Risk | Risk change notifications | Webhook (push), < 5s delivery

Every BYO agent deployed in the DWS10 ecosystem generates a verification event. With 20 industries and multi-agent sessions, this creates volume at scale — not one-off KYC checks.


10. Agentforce Integration — Salesforce Headless 360

Salesforce Headless 360 exposes the entire Salesforce, Agentforce, and Slack platform as APIs, MCP, and CLI. DWS IQ is built the same way. The integration is one MCP handshake.

KYA becomes the EU AI Act compliance layer for every Agentforce agent handoff — covering the gap that base Agentforce does not close natively.

Agentforce Moment | KYA Enforcement | EU AI Act Coverage
Agent spawned | KYC-verified human identity bound to session | Art. 13 — transparency
Tool call issued | Capability Manifest checked at VMM layer | Art. 9 — risk management
Regulated record written | TPM 2.0 sealed audit entry created | Art. 12 — event logging
Trust score drops < 0.50 | Firehorse Snap triggered. Software kill chain: 0.006ms (measured, Helsinki Veriton GN100). VMM hardware kill: <125ms (Firecracker production target) | Art. 14 — human oversight

MCP Integration Path

DWS IQ CLI registers as a native MCP server inside Salesforce Headless 360. All 20 compliance agents are published as Salesforce-callable MCP tools. Agentforce orchestrates them. KYA governs them. The result surfaces in the CRM record — never leaving the Salesforce data perimeter.

Use Case — CBAM/CSRD in Salesforce CRM: A Nordic industrial sales rep opens an Account record. Agentforce calls dws/compliance/run via MCP. The DWS CBAM agent calculates carbon border adjustment liability (EU CBAM Reg. 2023/956) and the CSRD agent maps scope-3 emissions against ESRS E1. KYA governs each handoff. A Firehorse Signed Report appears in Salesforce Files within 60 seconds. The sales rep shares it with procurement — the deal moves forward.

Partner Brief: KYA Connector Brief — Salesforce Headless 360 & Agentforce ISV (CONFIDENTIAL — available on request)
Arctic 15: DWS IQ presenting in Helsinki, June 11–12, 2026. Contact risto@onelifetime.world to arrange a meeting.

11. Contact

Lifetime Oy · Helsinki, Finland
risto@onelifetime.world
dws10.com · onelifetime.world
