KYM + NANDA Integration
How KnowYourModel's trust registry and NANDA's agent discovery protocol combine to deliver end-to-end agent lifecycle management — from ingestion and quality gating to global discovery, runtime trust scoring, and unified developer tools.
Two Halves of One Problem
The agentic web has a split-brain problem. NANDA answers "this agent exists" — a decentralized protocol for agent discovery, registry federation, and addressing. KnowYourModel answers "this agent is trustworthy" — a trust registry with cryptographic usage receipts, adaptive selection algorithms, and economic quality incentives.
Neither platform alone solves the full agent lifecycle. An agent needs to be discovered (NANDA) and trusted (KYM). The integration brings both halves together: KYM becomes a Trust Credential Authority within the NANDA ecosystem, issuing portable W3C Verifiable Credentials that any participant in the network can verify.
The Agent Lifecycle Pipeline
KYM implements a gated publication pipeline — an "App Store" model for agents. Every agent must pass quality gates before appearing on the NANDA network:
NANDA registration triggers at staging — agents must pass name, description, skill, version, and type gates first.
Each transition enforces specific quality gates: draft → testing requires a name, description, and at least one skill. testing → review requires a version. review → staging validates the entity type and non-negative trust score. Only at staging does NANDA registration fire — and the agent must be successfully registered before advancing to published.
Decentralized Identity & Credentials
Every agent registered through KYM receives a W3C DID — did:web:knowyourmodel.ai:agents:{id} — a globally resolvable identifier that any system on the internet can verify. KYM then issues two types of W3C Verifiable Credentials:
AgentFacts Credential
Full agent metadata — name, capabilities, skills, trust score, git verification status. Signed with Ed25519 and refreshed every 24 hours.
KYMAgentFactsCredential
Trust Score Credential
Lightweight real-time attestation of the agent's current trust score. Refreshed every 5 minutes for near-real-time trust signals.
KYMTrustScoreCredential
Both credential types use EdDSA proofs with Bitstring Status List revocation. Credentials are portable — any NANDA participant can fetch an agent's /facts endpoint and cryptographically verify the claims without trusting KYM's server infrastructure.
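The checks a NANDA participant would run on a fetched credential once its EdDSA proof has verified, as an added example that is not KYM or NANDA code: a maximum-age check and a Bitstring Status List revocation lookup. Field names follow the W3C VC Data Model 2.0 and Bitstring Status List specifications rather than anything shown on this page; treating the refresh intervals as maximum ages, and the sample status list, are assumptions.

```javascript
// Added example, not KYM or NANDA code. Field names follow the W3C VC Data
// Model 2.0 and Bitstring Status List specs; sample data is constructed.
const zlib = require("node:zlib");

// Assumption: the refresh intervals from the page double as maximum age.
const MAX_AGE_MS = {
  KYMAgentFactsCredential: 24 * 60 * 60 * 1000,
  KYMTrustScoreCredential: 5 * 60 * 1000,
};

// encodedList = multibase "u" + base64url(gzip(bitstring)). The output cap
// stops a hostile list from expanding without bound during decompression.
function decodeStatusList(encodedList) {
  if (!encodedList.startsWith("u")) throw new Error("unexpected multibase prefix");
  const packed = Buffer.from(encodedList.slice(1), "base64url");
  return zlib.gunzipSync(packed, { maxOutputLength: 1 << 24 });
}

// Index 0 is the left-most (most significant) bit of the first byte.
function bitIsSet(bits, index) {
  if (!Number.isInteger(index) || index < 0 || index >= bits.length * 8) {
    throw new RangeError("statusListIndex out of range");
  }
  return (bits[index >> 3] & (0x80 >> (index & 7))) !== 0;
}

function checkCredential(vc, statusListVc, now = Date.now()) {
  const kind = [].concat(vc.type).find((t) => Object.hasOwn(MAX_AGE_MS, t));
  if (!kind) return "unknown-type";
  const age = now - Date.parse(vc.validFrom);
  if (!(age >= 0 && age <= MAX_AGE_MS[kind])) return "stale"; // NaN lands here too
  const entry = vc.credentialStatus;
  const list = statusListVc.credentialSubject;
  if (!entry || entry.statusPurpose !== "revocation" ||
      list.statusPurpose !== "revocation" ||
      statusListVc.id !== entry.statusListCredential) return "status-mismatch";
  const bits = decodeStatusList(list.encodedList);
  return bitIsSet(bits, Number(entry.statusListIndex)) ? "revoked" : "ok";
}

// Constructed sample: a 16 KiB status list with the given indexes revoked.
function sampleStatusList(id, revoked) {
  const bits = Buffer.alloc(16384);
  for (const i of revoked) bits[i >> 3] |= 0x80 >> (i & 7);
  const encodedList = "u" + zlib.gzipSync(bits).toString("base64url");
  return { id, credentialSubject: { statusPurpose: "revocation", encodedList } };
}
```

The status list credential is itself signed, so its proof needs verifying before its bits are trusted.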
Bidirectional Sync
The integration operates in two directions:
- Outbound — KYM's NandaClient registers agents with the NANDA Index when they reach the staging lifecycle phase. Each registration builds an AgentAddr record containing the agent's ID, URL, API endpoint, and AgentFacts URL, optionally signed with Ed25519.
- Inbound — The kym-sync-worker runs a dedicated NANDA adapter that performs two-phase discovery: first paginating the NANDA /list endpoint to discover agents, then enriching each record with AgentFacts metadata from the agent's facts_url.
This bidirectional flow means agents registered anywhere in the NANDA network can be discovered and evaluated by KYM's trust infrastructure, while KYM-curated agents gain global visibility across every NANDA-compatible registry.
Runtime Trust Signals
Trust doesn't stop at registration. The NANDA node exposes a dedicated /reputation REST endpoint that aggregates real-time trust signals from both platforms into a single response:
Observer Reputation
Weighted composite of availability, probe success, certification score, and fraud rate — clamped to [0, 1]. Computed from cron-triggered liveness probes and telemetry collection.
Certification Grades
Wilson confidence interval scoring (A+ through F) based on capability test results. Each grade carries a W3C Verifiable Credential with Bitstring Status List revocation.
KYM's admin dashboard pulls this data via its /api/nanda/reputation proxy route, displaying cert grade badges and reputation scores inline for every registered agent. This gives operators a single-pane view of both KYM trust scores and NANDA infrastructure health — without switching between platforms.
Cross-Platform Dashboard Controls
The integration goes beyond read-only data sharing. KYM's admin panel now provides full lifecycle controls for NANDA-registered agents:
- Deregister — Remove an agent from the NANDA Index directly from KYM's admin UI, without logging into the NANDA node separately
- Registry Stats — Live card showing total registered agents, alive agents, and total clients across the NANDA network
- Search & Filter — Query the NANDA Index by capability, skill, or tag using KYM API key authentication or session auth
- Cross-links — One-click navigation between platforms: "View on NANDA Node" from KYM, "Manage in KnowYourModel" from NANDA
Six dedicated KYM API routes (/api/nanda/health, /api/nanda/deregister, /api/nanda/registry-stats, /api/nanda/search, /api/nanda/list, /api/nanda/reputation) proxy requests to the NANDA node with proper auth guards — admin-only for write operations, API Key OR session for search.
Developer API Key Programs
Both platforms now offer parallel API key programs that share a common architecture but serve distinct use cases:
KYM Keys (kym_)
Trust registry access — agent lookup, voting, usage receipt submission, selection algorithms. Three tiers: Free (1,000 req/month), Pro (10,000 req/month), Enterprise (100,000 req/month).
NANDA Keys (nanda_)
Discovery infrastructure — agent search, list, registration, AgentFacts retrieval. Three tiers: Free (1,000 req/month), Pro (10,000 req/month), Enterprise (100,000 req/month).
Both systems use SHA-256 hashed storage, Bearer token authentication in middleware, and session-based key management dashboards. The parallel design means developers can use one or both platforms — an agent registered via KYM automatically gets NANDA discoverability, and NANDA-discovered agents can be evaluated through KYM's trust infrastructure.
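A sketch of the hashed-storage and Bearer-token design described above, as an added example that is not KYM or NANDA code. The store shape, function names and key length are assumptions; the prefixes and monthly limits come from the page.

```javascript
// Added example, not KYM or NANDA code. Store shape and names are assumptions.
const crypto = require("node:crypto");

// Requests per month for each tier, as listed on the page.
const TIER_LIMITS = { free: 1000, pro: 10000, enterprise: 100000 };

// Unsalted SHA-256 is adequate here only because the key is 256 bits of
// randomness; it would not be adequate for human-chosen passwords.
const digestOf = (key) => crypto.createHash("sha256").update(key, "utf8").digest("hex");

// Issue a key: the plaintext is returned once and only its digest is stored,
// so a leaked table does not yield usable credentials.
function issueKey(store, prefix, owner, tier) {
  if (!Object.hasOwn(TIER_LIMITS, tier)) throw new Error("unknown tier");
  const key = prefix + crypto.randomBytes(32).toString("base64url");
  store.set(digestOf(key), { owner, tier, used: 0 });
  return key;
}

// Middleware core: parse "Authorization: Bearer <key>", reject keys minted for
// the other platform by prefix, look the key up by digest, then meter usage.
// The monthly counter reset is left out of this sketch.
function authenticate(store, prefix, authorizationHeader) {
  const m = /^Bearer ([A-Za-z0-9_-]+)$/.exec(authorizationHeader || "");
  if (!m || !m[1].startsWith(prefix)) return { status: 401 };
  const rec = store.get(digestOf(m[1]));
  if (!rec) return { status: 401 };
  if (rec.used >= TIER_LIMITS[rec.tier]) return { status: 429 };
  rec.used += 1;
  return { status: 200, owner: rec.owner };
}
```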
Usage Receipts & Trust Scoring
Trust in KYM isn't self-reported — it's earned through cryptographic usage proof. When an orchestrator like CubiCube's Pegasus uses an agent, it submits an Ed25519-signed usage receipt to KYM. Each receipt includes the agent ID, task description, outcome, and timestamp — all signed by a registered orchestrator key.
Receipts feed the voting system: a valid unused receipt is required to cast an upvote or downvote on an agent. This creates a proof-of-use mechanism that prevents Sybil attacks and ensures trust scores reflect real-world performance. The resulting trust signals are then packaged into W3C Verifiable Credentials and served via the agent's /facts endpoint — making them available to every node in the NANDA network.
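The proof-of-use rule described above, as an added example that is not KYM code: a vote counts only if it carries a receipt signed by a registered orchestrator key, for the agent being voted on, that has not been spent before. The orchestratorId field, the canonical byte encoding and the in-memory ledger are assumptions; the remaining receipt fields follow the page.

```javascript
// Added example, not KYM code. orchestratorId, the canonical encoding and the
// in-memory ledger are assumptions; other receipt fields follow the page.
const crypto = require("node:crypto");

// Fixed field order so signer and verifier process identical bytes.
const canonical = (r) =>
  Buffer.from(JSON.stringify([r.orchestratorId, r.agentId, r.task, r.outcome, r.timestamp]));

function signReceipt(fields, privateKey) {
  // Ed25519 takes no separate digest algorithm, hence the null argument.
  const signature = crypto.sign(null, canonical(fields), privateKey).toString("base64");
  return { ...fields, signature };
}

class VoteLedger {
  constructor(orchestratorKeys) {
    this.keys = orchestratorKeys; // orchestratorId -> registered Ed25519 public key
    this.spent = new Set();       // digests of receipts already used for a vote
    this.scores = new Map();      // agentId -> net votes
  }

  castVote(receipt, agentId, direction) {
    if (direction !== "up" && direction !== "down") return "bad-direction";
    const key = this.keys.get(receipt.orchestratorId);
    if (!key) return "unknown-orchestrator";
    const msg = canonical(receipt);
    const sig = Buffer.from(String(receipt.signature), "base64");
    if (!crypto.verify(null, msg, key, sig)) return "bad-signature";
    if (receipt.agentId !== agentId) return "wrong-agent";
    // Key the spent set on the signed bytes, not on the signature encoding,
    // so a re-encoded signature cannot pass as a fresh receipt.
    const id = crypto.createHash("sha256").update(msg).digest("hex");
    if (this.spent.has(id)) return "receipt-already-used";
    this.spent.add(id);
    const delta = direction === "up" ? 1 : -1;
    this.scores.set(agentId, (this.scores.get(agentId) || 0) + delta);
    return "accepted";
  }
}
```

A production ledger would persist the spent set and mark a receipt used in the same transaction that records the vote, so two concurrent requests cannot both spend it.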
What This Enables
The KYM + NANDA integration creates a complete agent lifecycle that no single platform provides alone:
- Discover — Find agents by capability, skill, or tag across the entire NANDA network
- Evaluate — Check trust scores backed by cryptographic usage receipts, not self-reported claims
- Verify — Validate W3C VCs without trusting any central authority
- Select — Use adaptive algorithms (Thompson Sampling, UCB1) to dynamically choose the best agent for each task
- Monitor — Real-time reputation and certification data via the /reputation API, surfaced directly in the KYM admin dashboard
- Manage — Full cross-platform controls: deregister, search, and inspect agents from either dashboard
- Audit — Full receipt trail with Ed25519 signatures for every agent interaction