AP+ Hackday Sandbox

KYA Platform Sandbox

Experiment with Google's Agent Payments Protocol (AP2) and the PDLSS permission framework

Quick Start

Step 1: Access the Platform

Step 2: Register Your Agent

  1. Fill in owner details
  2. Name your agent
  3. Choose Google AP2 protocol
  4. Configure PDLSS permissions
  5. Review and submit

Step 3: Use the Python SDK

cd sdk/python
pip install -r requirements.txt
python example_hackday.py

What is PDLSS?

PDLSS is a permission framework for AI agents making financial decisions:

  P  Purpose: Why the agent acts. Example: "E-commerce purchases"
  D  Duration: How long permissions last. Example: 2 hours, 24 hours
  L  Limit: Transaction amounts. Example: $100 autonomous, $500 step-up
  S  Scope: Where it operates. Example: Australia, specific merchants
  S  Self-instantiation: Can create sub-agents. Coming soon

Trust Score Model (30/30/40)

Each agent has a three-component trust score:

  30%  Origin Score: Developer profile verification
  30%  Owner Score: Owner's KYB/KYC status
  40%  Activity Score: Transaction history conformance

API Endpoints

Authentication Required

All agent API endpoints require authentication. First, register at sandbox.astrasync.ai, then obtain a JWT token:

# Login to get JWT token
curl -X POST https://sandbox.astrasync.ai/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email": "YOUR_EMAIL", "password": "YOUR_PASSWORD"}'

# Response includes token:
# {"success": true, "data": {"token": "eyJhbGc...", "user": {...}}}

Authenticated Endpoints

# Get agent card
curl https://sandbox.astrasync.ai/api/agents/{agent_id}/card \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

# Get trust score
curl https://sandbox.astrasync.ai/api/agents/{agent_id}/trust-score \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

# Verify access request
curl -X POST https://sandbox.astrasync.ai/api/agents/verify-access \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -d '{
    "astrasyncId": "ASTRA-xxx",
    "requestedAccess": {
      "purpose": "e-commerce",
      "amount": {"value": 50, "currency": "AUD"},
      "jurisdiction": "AU"
    },
    "trustThreshold": 50
  }'

Python SDK Quick Reference

import os
import requests

BASE_URL = "https://sandbox.astrasync.ai/api"

# 1. Authenticate to get JWT token (use your registered credentials)
login_resp = requests.post(f"{BASE_URL}/auth/login", json={
    "email": os.environ["KYA_EMAIL"],
    "password": os.environ["KYA_PASSWORD"]
}, timeout=10)
login_resp.raise_for_status()  # fail here on a bad login, not with a KeyError below
token = login_resp.json()["data"]["token"]
headers = {"Authorization": f"Bearer {token}"}

# 2. Get agent card with trust score and PDLSS
agent_id = "your-agent-uuid"
card_resp = requests.get(f"{BASE_URL}/agents/{agent_id}/card",
                         headers=headers, timeout=10)
card_resp.raise_for_status()
card = card_resp.json()["data"]
print(f"Trust Score: {card['trustScore']['overall']}")
print(f"Autonomous Limit: ${card['pdlss']['limit']['autonomousValue']}")

# 3. Verify an access request
verify_resp = requests.post(f"{BASE_URL}/agents/verify-access",
    headers=headers,
    json={
        "astrasyncId": "ASTRA-xxx",
        "requestedAccess": {
            "amount": {"value": 50, "currency": "AUD"},
            "jurisdiction": "AU"
        },
        "trustThreshold": 50
    },
    timeout=10
)
verify_resp.raise_for_status()
result = verify_resp.json()["data"]
print(f"Recommendation: {result['recommendation']}")  # 'approve' or 'deny'
print(f"PDLSS Compliant: {result['pdlssCompliant']}")

Run the Full Demo

cd sdk/python
pip install -r requirements.txt
export KYA_EMAIL="YOUR_EMAIL"
export KYA_PASSWORD="your-password"
python demo_e2e_flow.py

This demo will register a new agent with PDLSS limits ($75 autonomous, $150 step-up, AU/NZ jurisdictions), then run compliant (GRANT) and non-compliant (DENY) access requests.

Agent Cards - Protocol-Specific JSON

After registering an agent, visit the agent detail page to access protocol-specific JSON cards.

AP2 Protocol Card Example

{
  "protocol": "google-ap2",
  "protocolVersion": "0.1",
  "agent": {
    "id": "ASTRA-xxx",
    "name": "My Payment Agent"
  },
  "trust": {
    "score": 64,
    "level": "high",
    "breakdown": {
      "origin": { "score": 60, "weight": 30, "description": "Developer KYD verification status" },
      "owner": { "score": 85, "weight": 30, "description": "Owner trust level (KYB/KYC)" },
      "activity": { "score": 50, "weight": 40, "description": "PDLSS conformity history" }
    }
  },
  "pdlss": {
    "purpose": "E-commerce purchases",
    "duration": { "seconds": 86400 },
    "limit": {
      "currency": "AUD",
      "autonomousLimit": "100.00",
      "stepupThreshold": "500.00"
    },
    "scope": {
      "jurisdictions": ["AU"]
    }
  }
}

Note: The trust score in downloaded JSON files is static at time of download. In production, this will be replaced with an embeddable code block that displays real-time trust scores dynamically.
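
An added example, not part of the platform's SDK: it checks that a downloaded AP2 card's trust score agrees with its 30/30/40 breakdown, then classifies a request against the card's PDLSS limit and scope. The function names, the 0.5 rounding tolerance and the three-band reading of the limits (at or below autonomousLimit is autonomous, up to stepupThreshold needs step-up, anything above is denied) are assumptions.

```python
from decimal import Decimal, InvalidOperation

# Constructed sample: the AP2 card shown above, trimmed to the fields checked here.
CARD = {
    "trust": {"score": 64, "breakdown": {
        "origin": {"score": 60, "weight": 30},
        "owner": {"score": 85, "weight": 30},
        "activity": {"score": 50, "weight": 40}}},
    "pdlss": {
        "limit": {"currency": "AUD", "autonomousLimit": "100.00",
                  "stepupThreshold": "500.00"},
        "scope": {"jurisdictions": ["AU"]}},
}
EXPECTED_WEIGHTS = {"origin": 30, "owner": 30, "activity": 40}

def trust_breakdown_errors(card):
    """Return a list of inconsistencies in the card's trust block (empty = consistent)."""
    parts = card["trust"]["breakdown"]
    weights = {name: part.get("weight") for name, part in parts.items()}
    if weights != EXPECTED_WEIGHTS:
        return [f"weights are not 30/30/40: {weights}"]
    weighted = sum(Decimal(p["score"]) * p["weight"] for p in parts.values()) / 100
    stated = Decimal(card["trust"]["score"])
    # Assumption: the overall score is the weighted sum rounded to an integer.
    if abs(stated - weighted) > Decimal("0.5"):
        return [f"stated score {stated} does not match weighted sum {weighted}"]
    return []

def local_decision(card, amount, currency, jurisdiction):
    """Classify a request as 'autonomous', 'step-up' or 'deny' from the card alone."""
    limit = card["pdlss"]["limit"]
    if jurisdiction not in card["pdlss"]["scope"]["jurisdictions"]:
        return "deny"
    if currency != limit["currency"]:
        return "deny"  # never compare amounts across currencies
    try:
        value = Decimal(str(amount))  # str() avoids binary-float artefacts
    except InvalidOperation:
        return "deny"
    if not value.is_finite() or value <= 0:
        return "deny"
    # Assumed bands: <= autonomousLimit, then <= stepupThreshold, else out of policy.
    if value <= Decimal(limit["autonomousLimit"]):
        return "autonomous"
    if value <= Decimal(limit["stepupThreshold"]):
        return "step-up"
    return "deny"
```

Because a downloaded card is static, use this only as a local pre-check and keep the verify-access endpoint as the source of the actual decision.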

Hackday Challenge Ideas

1. Payment Gateway Integration

Build a mock payment gateway that verifies agents before processing

2. Trust Dashboard

Create a dashboard showing real-time agent trust scores

3. PDLSS Enforcement

Implement a middleware that enforces PDLSS limits

4. Agent Monitoring

Build alerts when agents approach their limits

5. Sub-agent Orchestration

Design a system for agents that can spawn sub-agents

6. Agent Card Validator

Build a tool that validates AP2 agent cards against the specification

Supported Payment Methods (AP2)

  PayTo: NPP real-time payments
  PayID: Pay by mobile/email
  BPAY: Bill payments
  eftpos: Debit transactions
  Card: Credit/debit cards
  NPP Bank Transfer: Direct transfers

Ready to start building?

Register your first agent and start experimenting with PDLSS permissions.

Happy hacking! 🚀