beltic-kya

Guidance for working with the Beltic KYA (Know Your Agent) ecosystem - a credential-based trust framework for AI agents. Use when: (1) Working in any Beltic repository (beltic-spec, beltic-cli, beltic-sdk, fact-python, kya-platform, wizard, nasa), (2) Implementing agent credential signing/verification, (3) Using @belticlabs/kya SDK or beltic-sdk Python, (4) Understanding agent safety certification, (5) Working with verifiable credentials for AI. Triggers on: Beltic CLI commands, agent credentials, HTTP message signatures (RFC 9421), safety scores, KYB tier verification, trust chain validation.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Install skill "beltic-kya" with this command: npx skills add belticlabs/skills/belticlabs-skills-beltic-kya

Beltic KYA Ecosystem

KYA (Know Your Agent) is an in-development credential-based trust framework for AI agents. It establishes trust through cryptographically verifiable credentials.

Trust Chain

Developer (KYB Verified) --> Issues --> Agent Credential --> Verified by --> Merchant/Platform

Status: This is a testing/development product. APIs and schemas may change.


Critical Rules

Package Names

  • TypeScript: @belticlabs/kya (NOT kya or beltic)
  • Python: beltic-sdk (NOT beltic or kya)

CLI Flags

  • --alg (NOT --algorithm)
  • --out (NOT --output)
  • --key, --payload, --pub (correct)

Platform Directory

DO NOT EDIT anything in platform/ directory. Read-only reference only.

Git Commits

  • Commit as: pranav-beltic
  • Use conventional commits: feat:, fix:, docs:, refactor:
  • Always update CHANGELOG.md for user-facing changes

Monorepo Navigation

Repository    | Purpose                             | Language
beltic-spec   | JSON schemas & specification        | JSON Schema
beltic-cli    | CLI for signing/verification        | Rust
beltic-sdk    | TypeScript SDK                      | TypeScript
fact-python   | Python SDK                          | Python
kya-platform  | Verification platform & API         | TS/Next.js/Hono
wizard        | Claude-powered credential bootstrap | TypeScript
nasa          | Documentation site                  | MDX/Next.js
homebrew-tap  | Homebrew formula                    | Ruby
platform      | Enterprise risk platform            | DO NOT EDIT

Cross-Repository Change Order

When changes affect multiple repos, follow this order:

  1. beltic-spec first (schema changes)
  2. beltic-sdk and fact-python (SDK updates)
  3. beltic-cli (CLI changes)
  4. kya-platform (platform changes)
  5. nasa (documentation)

Key Files

  • context.md - Comprehensive ecosystem context
  • {repo}/CLAUDE.md - Repository-specific guidance
  • beltic-spec/schemas/ - JSON Schema definitions

CLI Quick Reference

Command                               | Description
beltic init                           | Create agent manifest interactively
beltic dev-init                       | Create self-attested developer credential
beltic fingerprint                    | Generate SHA256 code fingerprint
beltic keygen --alg EdDSA             | Generate Ed25519 keypair
beltic sign --key KEY --payload FILE  | Sign credential as JWS
beltic verify --key KEY --token FILE  | Verify JWS token
beltic http-sign                      | Sign HTTP request (RFC 9421)
beltic sandbox                        | Run compliance tests
beltic auth login                     | Authenticate with KYA platform

Typical Workflow

beltic init                              # Create .beltic.yaml
beltic fingerprint                       # Generate code fingerprint
beltic keygen --alg EdDSA               # Generate keypair
beltic sign --key .beltic/eddsa-*-private.pem --payload agent-manifest.json
beltic verify --key .beltic/eddsa-*-public.pem --token credential.jwt

SDK Patterns

TypeScript (@belticlabs/kya)

import {
  validateAgentCredential,
  validateDeveloperCredential,
  signCredential,
  verifyCredential,
  verifyAgentTrustChain,
  signHttpRequest,
  generateKeyPair,
} from '@belticlabs/kya';

// Trust chain verification
const result = await verifyAgentTrustChain(agentToken, {
  keyResolver: async (header) => publicKey,
  fetchDeveloperCredential: async (id) => developerJwt,
  policy: {
    minKybTier: 'tier_1',
    minPromptInjectionScore: 80,
  },
});

Python (beltic-sdk)

from beltic import (
    validate_agent_credential,
    validate_developer_credential,
    sign_credential,
    verify_credential,
    verify_agent_trust_chain,
    sign_http_request,
)

# Trust chain verification
result = await verify_agent_trust_chain(
    agent_token,
    TrustChainOptions(
        key_resolver=resolve_key,
        fetch_developer_credential=fetch_dev_cred,
        policy=TrustPolicy(
            min_kyb_tier="tier_1",
            min_prompt_injection_score=80,
        ),
    ),
)

Safety Concepts

Four Robustness Metrics (0-100 scores)

Metric                          | Description
harmfulContentRefusalScore      | Refusal of harmful content requests
promptInjectionRobustnessScore  | Resistance to prompt injection attacks
toolAbuseRobustnessScore        | Prevention of tool misuse
piiLeakageRobustnessScore       | Protection against PII extraction

Calculation: Score = (1 - Attack Success Rate) x 100

KYB Tiers

Tier    | Name       | Verification Level
tier_0  | Unverified | Self-attested only
tier_1  | Basic      | Email/domain verified
tier_2  | Standard   | Identity documents
tier_3  | Enhanced   | Background checks
tier_4  | Maximum    | Regulated industries
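
Added example (not Beltic SDK code): one way a verifier could apply a policy like the `min_kyb_tier` / `min_prompt_injection_score` settings shown earlier to the scores and tiers above, failing closed on missing or unknown values. The claim name `kybTier` and both function names are hypothetical; the metric names and the score formula are the page's.

```python
KYB_TIERS = ["tier_0", "tier_1", "tier_2", "tier_3", "tier_4"]  # ascending trust


def robustness_score(attacks_succeeded: int, attacks_total: int) -> float:
    """Score = (1 - Attack Success Rate) x 100, written to avoid float drift."""
    if attacks_total <= 0 or not 0 <= attacks_succeeded <= attacks_total:
        raise ValueError("invalid attack counts")
    return 100 * (attacks_total - attacks_succeeded) / attacks_total


def evaluate_policy(claims: dict, min_kyb_tier: str, min_scores: dict) -> list:
    """Return policy violations; an empty list means the claims pass."""
    violations = []
    required = KYB_TIERS.index(min_kyb_tier)  # ValueError on a bad policy value
    tier = claims.get("kybTier")  # hypothetical claim name
    if tier not in KYB_TIERS:
        # Fail closed: an absent or unrecognised tier never satisfies a minimum.
        violations.append(f"unknown or missing KYB tier: {tier!r}")
    elif KYB_TIERS.index(tier) < required:
        # Compare by position in the tier list, not by string ordering.
        violations.append(f"{tier} is below required {min_kyb_tier}")
    for metric, minimum in min_scores.items():
        score = claims.get(metric)
        is_number = isinstance(score, (int, float)) and not isinstance(score, bool)
        if not is_number or not 0 <= score <= 100:
            violations.append(f"{metric} is missing or outside 0-100")
        elif score < minimum:
            violations.append(f"{metric} {score} is below minimum {minimum}")
    return violations


if __name__ == "__main__":
    # Constructed sample: 3 successful attacks out of 20 attempts -> score 85.
    sample = {
        "kybTier": "tier_2",
        "promptInjectionRobustnessScore": robustness_score(3, 20),
    }
    policy_scores = {"promptInjectionRobustnessScore": 80}
    print(evaluate_policy(sample, "tier_1", policy_scores))              # passes
    print(evaluate_policy({"kybTier": "tier_0"}, "tier_1", policy_scores))  # fails twice
```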

Assurance Levels

  • self_attested: Developer claims without verification
  • beltic_verified: Beltic validates through evaluation
  • third_party_verified: Independent auditor verification

Sensitive Operations - PROMPT USER

ALWAYS ask user confirmation before:

Key Operations

  • Generating new keypairs (beltic keygen)
  • Signing credentials (beltic sign)
  • Deleting or rotating keys
  • Modifying .beltic/ directory contents

Code Modifications

  • Changes to cryptographic code (signing, verification)
  • Modifications to schema definitions in beltic-spec/schemas/
  • Changes to SDK verification logic
  • Modifications to trust chain validation

Platform Changes

  • Any modifications to kya-platform/ API routes
  • Database schema changes (Drizzle migrations)
  • Authentication/authorization logic changes
  • Webhook handler modifications

When Agent Cannot Proceed

If an operation requires:

  • Access to private keys the agent doesn't have
  • Platform authentication the agent cannot perform
  • Manual verification steps (KYB, safety evaluation)
  • Human judgment on security decisions

Tell the user clearly:

I cannot perform [operation] because [reason].
To proceed, you would need to [specific action required].

Security Rules

Never Commit

  • Private keys (.pem files with "private" in name)
  • API keys, secrets, tokens
  • .env files with credentials
  • credentials.json files
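
Added example (not part of the Beltic tooling): a check suitable for a pre-commit hook that flags staged paths matching the Never Commit list, plus an audit of private-key PEM files against the 0600 mode required under Secure Defaults. Both function names and the sample file names are assumptions; the `.env` rule matches on file name only, since contents are not inspected.

```python
import stat
from pathlib import Path, PurePosixPath


def forbidden_to_commit(staged_paths):
    """Return the staged paths whose file name matches the Never Commit list."""
    hits = []
    for raw in staged_paths:
        name = PurePosixPath(raw).name.lower()
        if (
            (name.endswith(".pem") and "private" in name)
            or name == ".env"
            or name.startswith(".env.")
            or name == "credentials.json"
        ):
            hits.append(raw)
    return hits


def audit_private_keys(key_dir):
    """Return (path, problem) pairs for private-key PEM files under key_dir."""
    findings = []
    for path in sorted(Path(key_dir).rglob("*.pem")):
        if "private" not in path.name:
            continue  # public keys may be world-readable
        info = path.lstat()
        if stat.S_ISLNK(info.st_mode):
            findings.append((str(path), "is a symlink; check the target by hand"))
            continue
        mode = stat.S_IMODE(info.st_mode)
        if mode & 0o077:  # any group or other permission bit set
            findings.append((str(path), f"mode {mode:04o} is broader than 0600"))
    return findings


if __name__ == "__main__":
    # Constructed list of staged paths for illustration.
    staged = [".beltic/eddsa-1-private.pem", ".beltic/eddsa-1-public.pem", "src/.env"]
    print(forbidden_to_commit(staged))
    print(audit_private_keys(".beltic"))
```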

Never Log

  • Private key contents
  • API keys or tokens
  • Credential payloads with sensitive data
  • User PII

Always Validate

  • File paths before reading/writing
  • JSON/YAML before parsing
  • Credential schemas before signing
  • Signatures before trusting credentials

Secure Defaults

  • Reject algorithm none (always)
  • Use Ed25519 (EdDSA) for new keys
  • Set file permissions to 0600 for private keys
  • Require HTTPS for production endpoints
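
Added example (not the Beltic CLI or SDK implementation): a pre-verification gate that reads a compact JWS header and enforces an exact-match allow-list of the two algorithms this page names, so `none` and its case variants never reach signature verification. All function names and the sample tokens are constructed for illustration; the gate does not replace verifying the signature itself.

```python
import base64
import json

ALLOWED_ALGS = frozenset({"ES256", "EdDSA"})  # algorithms named on this page


class AlgorithmRejected(ValueError):
    """Raised when a token must not be handed to signature verification."""


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def check_jws_algorithm(token: str) -> str:
    """Return the header's alg if it is allow-listed, otherwise raise."""
    parts = token.split(".")
    if len(parts) != 3:
        raise AlgorithmRejected("not a three-part compact JWS")
    try:
        header = json.loads(_b64url_decode(parts[0]))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise AlgorithmRejected("unreadable protected header") from exc
    alg = header.get("alg") if isinstance(header, dict) else None
    # Exact-match allow-list: "none", "None", "HS256" and a missing alg all fail.
    if not isinstance(alg, str) or alg not in ALLOWED_ALGS:
        raise AlgorithmRejected(f"algorithm {alg!r} is not allowed")
    if not parts[2]:
        raise AlgorithmRejected("signature segment is empty")
    return alg


def make_sample_token(header: dict, signature: bytes = b"constructed-sig") -> str:
    """Build a constructed sample token; the signature bytes are not real."""
    body = _b64url(json.dumps({"sub": "agent-example"}).encode())
    return ".".join([_b64url(json.dumps(header).encode()), body, _b64url(signature)])


if __name__ == "__main__":
    for hdr in ({"alg": "EdDSA"}, {"alg": "none"}, {"alg": "None"}, {"alg": "HS256"}, {}):
        try:
            print(hdr, "->", check_jws_algorithm(make_sample_token(hdr)))
        except AlgorithmRejected as err:
            print(hdr, "-> rejected:", err)
```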

Cryptographic Standards

  • Algorithms: ES256 (P-256), EdDSA (Ed25519)
  • Format: JWS/JWT with W3C VC-compatible structure
  • DIDs: did:web, did:key, did:ion
  • Revocation: W3C Status List 2021
  • HTTP Signatures: RFC 9421

Reference Files

For detailed information, see:


Quick Troubleshooting

Issue                                | Solution
SIG-003: Algorithm none not allowed  | Use --alg EdDSA or --alg ES256
Schema validation fails              | Run npm run validate:all in beltic-spec
Key not found                        | Check .beltic/ directory for PEM files
HTTP signature fails                 | Verify key directory URL is accessible
Trust chain fails                    | Check developer credential is valid and not revoked

Development Status

This is an in-development product. Expect:

  • API changes between versions
  • Schema updates requiring re-signing
  • New features being added
  • Documentation gaps

When unsure about implementation details:

  1. Check context.md for comprehensive context
  2. Read the relevant repository's CLAUDE.md
  3. Look at existing code patterns
  4. Ask the user for clarification

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
