kya labs — Badge + Spend for AI Agents

Your agent isn't a bot. kya proves it — then lets it pay.

Your AI agent looks like a bot to every merchant on the internet. kya gives it two things:

Badge — Declares your agent as an authorized actor. The Universal Commerce Protocol "identity" token for a merchant handshake. Free. No card required.

Spend — Issues a single-use virtual Visa when your agent needs to pay. Human-approved. Self-destructs after use. Your real card never enters the chat.

If you're like 20% of Americans last year - you used an agent to shop. And you probably ran into a ton of login walls, workarounds, bumps?

So did we. So we created kya - the first MCP tool suite that works with the new Universal Commerce Protocol to easily handshake verified agents at supporting merchants (Shopify, Target, Walmart, Etsy... it's a lot). Badge for identity. Spend for payment.

🧪 Developer Sandbox is open. Real infrastructure, test money. Get sandbox access →

Quick Start

npx @kyalabs/mcp-server

OR add to your MCP client config (Claude Desktop, Cursor, or any MCP client):

{
  "mcpServers": {
    "kyalabs": {
      "command": "npx",
      "args": ["@kyalabs/mcp-server"]
    }
  }
}

That's it. Badge works immediately — no API key, no signup, no network calls on install.

The first time your agent calls kya_getAgentIdentity, it declares itself to the merchant and gets back a response with next_step guidance. One anonymous event is recorded. Your agent is now a declared, authorized actor.

Or install via ClawHub:

clawhub install payclaw-io

Upgrade to verified mode + Spend

For cryptographic identity and virtual card issuance, add an API key:

"env": {
  "KYA_API_KEY": "pk_live_your_key_here",
  "KYA_API_URL": "https://www.kyalabs.io"
}

Get your API key at kyalabs.io/signup. API keys don't expire.

Without an API key, Badge uses device auth when a merchant requires verified identity — your agent shows a code and URL, you approve on your phone. This only happens when a merchant asks for it. We never ask for it ourselves. Sign up + API key means 1. you dont have to use phone OAuth every time and 2. you can track your agentic shopping (custom avatars included)

Node version

kya MCP requires Node.js 20 or newer. Node 18 is end-of-life and unsupported.

If you see engine or compatibility errors: node -v — install Node 20+ from nodejs.org or nvm install 20

How Badge Works: Two Modes

Declared (default)

First time your agent goes to a merchant with Badge, Badge generates an anonymous install ID — a random UUID stored locally at ~/.kya/install_id. It has no connection to you, your device, or any personal information.

Your agent gets back a declaration and a next_step guiding it to report its badge presentation at the merchant.

This is the default mode. It's how Badge works out of the box, for every user, forever.

Verified (when merchant requires it)

When a merchant requires verified identity — their UCP manifest says required: true — your agent will ask you to approve a device flow. You visit a merchant-kya URL, enter the OAuth code from your agent, and prove you're a real person.

Badge issues a tokenized credential: an ES256-signed JWT, signed by kya's private key, verifiable locally by the merchant. Your agent is free to continue - no login, PII or anything needed.

Our Data Philosophy

... View full README on GitHub