We read every piece of feedback, and take your input very seriously.
Include my email address so I can be contacted
Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.
You must be logged in to block users.
Contact GitHub support about this user’s behavior. Learn more about reporting abuse.
Report abuseEngineering · Platform Architecture · B2B SaaS Technologist Boston, MA · ~30 years across IBM, CyberArk, Alteryx, Digital.ai, Gryphon.ai
I build the systems that sit between traffic, revenue, and the teams that operate them. Platform engineering, GTM systems, traffic integrity, digital intelligence, AI governance. Publicly: 77 distinct repos organised into 12 named platforms, 107 live properties across 17 verticals, and 200+ production-style operator surfaces at v1.0-prod. I also author open specifications for the answer-engine era — and a fifteen-repo implementation stack that consumes them (Suite × Implementations). Polyglot by choice: the language fits the problem, not the resume.
"Long-lived credentials are tomorrow's incident reports. Build short-lived. Audit always. Document once."
12 named platforms · 107 live properties · 11 Suite specs · 17 verticals
| Kinetic Gain Protocol Suite | 12 |
| Kinetic Gain Implementation Stack | 27 |
| AEO Reference Stack | 13 |
| Agent Operations Suite | 23 |
| Platform Reliability Stack | 17 |
| Decision Intelligence | 11 |
| AI Procurement Pulse | 5 |
| HealthTech / Clinical Stack | 18 |
| Growth & Consent Operations | 20 |
| MCP Servers | 38 |
| Landing Sites | 12 |
| Frontend Showcase | 28 |
Counts are platform cluster sizes; a repo may belong to several platforms, so they sum to 224 membership-slots across 77 distinct repos. The 11 Suite specs ship as 71 callable MCP tools via mcp-kinetic-gain. 16 open specifications are published across the full estate.
| Current scope and active build lanes | Current expansion lane |
| Reusable implementation tooling | Developer Toolkit |
| Live public properties and stack composition | Live Now — 60+ properties + implementation stack |
| Vertical operator surfaces | Industry Atlas |
| Local-first product work | Sveska |
| Specs and governance infrastructure | Kinetic Gain Protocol Suite |
| Buyer security diligence — what runs across the estate | kineticgain.com/trust/security-posture/ |
Publication note: many of the repos below were published in a concentrated May 2026 portfolio sprint. The dates reflect public packaging, CI, screenshots, and repo hardening, not the first moment the ideas or workstreams existed.
The current public wave now spans revenue systems, traffic integrity, web-platform reliability, regulated workflow operations, a polyglot language atlas, and multi-cloud identity & platform governance:
Early anchors in that lane:
revops-lead-router — control plane for lead enrichment, CRM routing, speed-to-lead posture, and queue integrity
fraud-click-filter · cf-bot-shield-tf · honeypot-form-validator · anomaly-log-hunter — traffic-integrity layer for blocking fraudulent sessions before they burn ad spend or poison analytics
dbt-multi-touch-attr · gtm-datalayer-standards · seo-vital-monitor · pipeline-velocity-dash — digital-intelligence layer for attribution, signal clarity, and route-level performance posture
offer-ladder-engine — offer-path and conversion-state control for pricing and package motion
edge-redirect-manager · headless-wp-vue-starter — web-platform layer for headless CMS delivery, route migration, preview-safe rendering, and SEO-conscious frontend architecture
regulatory-comment-intelligence-hub · contract-clause-obligation-graph · prior-authorization-evidence-router · patient-consent-audit-stream — regulated workflow layer for approvals, obligation mapping, evidence routing, and synthetic audit posture
creator-partnership-deal-desk · booking-disruption-command-center · menu-availability-sync-engine · store-ops-incident-board — launch and operations layer for creator programs, hospitality disruption handling, menu sync, and store incident response
flutter-operator-console · capacity-optimizer-jl · regulatory-reporting-mart — language-atlas proof that the portfolio ships real operator systems in Flutter/Dart, Julia, and Python, not just one web stack
Multi-cloud identity, platform, FinOps & threat-detection lane — eight operator consoles all at v1.0-prod, all running on their own kineticgain.com subdomain:
Horizontal composition tools for the Suite-as-parallel-structure thesis — four pieces that make the eleven 6-packs demonstrably composable at runtime, structurally comparable as buyer reference, dashboard-observable as Suite-wide posture, and discoverable at the suite hub:
HealthTech + EdTech + PropTech + InsurTech + HR Tech + FinTech + GovTech + LegalTech + EnergyTech + DefenseTech + RetailTech 6-packs — sixty-six sibling specs / profiles / labs that fan out the Suite's regulated-vertical coverage across eleven verticals as parallel structures. Each vertical's six repos mirror the same six shapes (Decision Card vault profile · Incident Card profile · Evidence Bundle profile for compliance · Evidence Bundle profile for bias · Operator audit-stream schema · Operator regulatory-lifecycle tracker), so a buyer's tooling that processes one vertical's artifacts works on the other ten. All v0.1 draft, all MIT (spec-side licensing), all kinetic-gain-protocol-suite topic-tagged, all composing with each other via linked_records so a single deployment's evidence reads as one graph.
TEN reference implementations (AGPL-3.0) — one per vertical, completing 10/10 reference-impl coverage. Each proves its vertical's audit-stream spec is implementable end-to-end, the parallel-structure thesis holds in code, and the per-vertical regulatory invariants survive a real hash-chained trajectory. Together they map five distinct wall-clock invariant patterns the Suite supports (forward-from-event, backward-before-event, must-precede precondition, anchored-on-completed-application, bounded-backward window):
HealthTech 6-pack (FDA + HIPAA + Section 1557 + IMDRF):
EdTech 6-pack (FERPA + COPPA + IDEA / Section 504 + ESSA + 50 state student-data-privacy regimes):
PropTech 6-pack (RESPA + ECOA Reg B + Fair Housing Act + HMDA + GLBA Safeguards + CFPB UDAAP + 50 state real-estate-AI regimes):
InsurTech 6-pack (NAIC AI Model Bulletin Nov 2023 + state DOI adoptions + NY DFS Circular Letter 7 + CO SB 21-169 + CA DOI Bulletin 2022-5 + FCRA + GLBA + ACORD):
HR Tech 6-pack (EEOC AI Guidance May 2023 + Title VII + ADA + ADEA + GINA + OFCCP + NYC Local Law 144 + IL 820 ILCS 42 Video Interview Act + MD HB 1202 Facial Recognition + CO SB 24-205):
FinTech 6-pack (CFPB AI bulletin 2023 + CFPB Section 1071 + CFPB Section 1033 + CFPB UDAAP + OCC/FRB/FDIC joint AI statement 2023 + OCC Bulletin 2011-12 + FRB SR 11-7 + ECOA Reg B + FCRA Reg V + GLBA Safeguards + BSA/AML + SEC/FINRA. Distinct from PropTech mortgage):
GovTech 6-pack (OMB M-24-10 + AI Bill of Rights + Section 508 + Privacy Act + FOIA + NIST AI RMF + EO 14110 [rescinded] / EO 14179 + FedRAMP + state government AI laws — covers government's OWN AI use, distinct from prior 6 verticals which cover government-as-regulator):
LegalTech 6-pack (ABA Model Rules 1.1c8 + 1.6 + 1.6(c) + 1.7 + 1.9 + 3.3 + 5.3 + 5.5 + attorney-client privilege + work-product doctrine + state bar opinions (CA / NY-COSAC / FL / DC / PA / TX / IL) + Mata v. Avianca-era federal court standing orders — covers attorneys' OWN AI use ethics, distinct from prior 7 verticals):
EnergyTech 6-pack (NERC CIP-002 through CIP-014 + NERC operating procedures + FERC Orders 2222 + 715 + TSA Security Directives SD-2021-02 / SD-2021-02C + DOE EO 14028 implementation + EPA Clean Air Act Section 114 + state PUC orders (CA / NY / TX / MA / IL / WA) + ISO/RTO Business Practice Manuals — covers AI tools touching the bulk electric system + pipelines + wholesale energy markets, distinct from prior 8 verticals):
DefenseTech module (DFARS 252.204-7012/7019/7020/7021 + CMMC 2.0 L1/L2/L3 + NIST SP 800-171 r2 + NIST SP 800-172 + ITAR 22 CFR 120-130 + EAR 15 CFR 730-774 + EAR deemed export 22 CFR 120.50 + E.O. 13526 + ICD 705 + DoDI 5230.24 + CUI Notice 2020-04 + NISPOM 32 CFR 117 + FAR 52.204-21 + False Claims Act 31 USC 3729 — covers AI tools used by DIB prime + sub contractors + FFRDCs + defense-systems integrators touching CUI / classified / ITAR-controlled technical data, distinct from prior 9 verticals):
RetailTech 6-pack (FTC Section 5 + FTC 2023 algorithmic-pricing guidance + FTC Operation AI Comply 2024 + EU Omnibus Directive 2019/2161 Art 6a personalized-pricing disclosure + NY S365A ATBP + NYC §22-1201 biometric ordinance + CA SB-892 + CA CPPA ADMT (effective 2026-01-01) + CCPA / CPRA + BIPA 740 ILCS 14 + IL SB 2979 (2024) per-scan-stacking remediation + PCI DSS 4.0 + GLBA Safeguards retail-finance — covers AI tools in retail commerce: dynamic + personalized pricing, recommendation engines, fraud detection, biometric checkout, loyalty / refund AI, distinct from prior 10 verticals because RetailTech has NO federal adverse-action statute equivalent to ECOA — invariants are driven by FTC §5 + EU + state law + BIPA biometric consent + PCI DSS scope segregation):
Polyglot Operator Reporting lane — three new operator surfaces in three different runtimes, each picked because the language fits the problem (mobile briefings → Flutter, scientific optimization → Julia, warehouse-style mart → Python). All v1.0-prod, all subdomain-deployed:
Buyer-facing operator surfaces lane — 5 net-new, all hardened same day (2026-06-02) — single-file static HTML dashboards (no backend, no telemetry), each playing a specific founder-credibility lever. Same 4-tab pattern (overview · anomalies · external sync · audit chain), 30 entities of synthetic data baked in, ed25519-signed hash-chained audit-stream events, apex-aligned visual language (onyx + cream + emerald). Status: all five at v1.0-prod — CI matrix on Node 20+22, 15 structure + data-integrity tests, html-validate lint, GitHub Release per tag:
Current state: 77 distinct public repos (224 cluster-memberships across 12 named platforms) backing 107 HTTP-200 live properties across 17 verticals. Operator-surface hardening backlog (squad doctrine v1.1): 201 repos at v1.0-prod cumulative (org-wide, measured via gh api 2026-06-04) — the most recent additions: 56-repo squad-tag sweep on 06-04 + lease-obligation-risk-board unblocked same day (113 hPanel subdomains provisioned · 187-slot headroom on the 300 cap). The full grouped index is at kineticgain.com/constellation; the live estate snapshot at kineticgain.com/state/. Constellation security posture: 24+ buyer-facing surfaces at A/90 on the kg-header-audit rubric — HSTS preload-ready, CSP locked, fonts self-hosted, COEP require-corp enabled.
2026-06-03/04 deploy chain + squad sweep (most recent milestone): Fired 59-subdomain mass deploy after Cloud Professional plan upgrade, then in a single follow-up session swept the squad-tag backlog: 56 Codex-shipped v0.1-shipped repos hardened to v1.0-prod in one pass with zero file additions (Codex v2-era scaffolds already include AGPL LICENSE + Dependabot + CHANGELOG). Net delta: 42 → 60 → 116 (post 56-sweep) → 201 (cumulative across all 2026 hardening waves) — the 56-sweep took the 06-04 milestone count from 60 → 116; an org-wide re-measurement via gh api on 2026-06-04 evening showed cumulative v1.0-prod across the entire estate is now 201, reflecting accumulation from prior waves (RetailTech 6-pack · board-/portfolio- batches · the 2026-05-31 Squad Triage Phase 2 waves · the 56-sweep itself). Sitemap-index 115 → 138 entries · GSC re-submitted (687 URLs / 0 errors / 0 warnings). Shipped 5 new apex docs: /state/ (live estate snapshot), /docs/subdomain-inventory.md (113-subdomain × CNAME × HTTP matrix), /docs/deploy-doctrine.md (Hostinger FTP cap behavior + reusable retry pattern), /docs/session-retrospective-2026-06-04.md, /docs/subdomain-orphan-resolution.md. Codified the sleep 60 step between FTP attempts and rolled it across 45 KG repos' deploy.yml.
Three sibling repos enforce a buyer's AI Procurement Decision Card → PolicyBundle at request time, one per upstream surface — the v2 strategy's IBM-credibility flagship lane. Same primitive (deny-trumps-allow eval, x-kg-correlation-id propagation, audit-stream emission), three platforms:
Same buyer-published AI Procurement Decision Card (now at v0.3), a different enforcement axis: instead of gating requests, this family gates field-level PII at the seam. The Decision Card declares data_vault_targets[] (v0.2 — who can read) and retention_envelope[] (v0.3 — how long the data lives and how deletion is signed). Four sibling surfaces consume one contract:
One Decision Card, four enforcement points. Same SkyyflowVault interface across server-side (rag-sentinel), client-side (deal-desk-workspace, console), pipeline-side (bridge lib), and CLI.
Fourteen new public repos now sit underneath the portfolio as a reusable developer toolkit layer:
These are not customer-facing protocol specs. They are the implementation toolkit underneath the protocol layer: manifest scanning, disclosure generation, tool drift detection, runtime adapters, evidence integrity, cost spans, and Kubernetes-native governance publishing.
The next ~10 operator-surface repos are organized as three sub-verticals × four-tier monetization ladder, with SEO and security posture as first-class concerns on every repo. Each lane lands on a real enterprise platform; each repo carries the credible "from someone who lived in this stack" hook — IBM enterprise integration · CyberArk identity · Alteryx analytics.
Three sub-verticals:
| Workflow / CX | IBM watsonx Governance · Genesys Cloud · Camunda 8/Zeebe | CISO / CTO / Platform Eng / VP CX | Kinetic Gain Suite |
| Workforce / Internal Comm | UKG Pro · employee-AUP cross-cut · FirstUp (second-tier priority) | CISO / Head of HR Tech / Compliance | Kinetic Gain Suite |
| Growth Ops | Klaviyo EP · VWO REST · MarTech-stack cross-cut | CMO / RevOps / Growth Eng | Lane under Kinetic Gain (growth.kineticgain.com) — brand split deferred until demand proves it |
Four-tier monetization ladder per repo (honest tier wording):
| 1 · Free operator surface | Public README + static dashboard + CLI + synthetic fixtures at <repo>.kineticgain.com | $0 | "Free now" — only once deployed and CI-green |
| 2 · Template / policy pack | Governance YAMLs · dashboard configs · audit checklist templates · CSV starter datasets | $49–$199 | "Template pack available" OR "Template pack planned" — never imply available if not |
| 3 · Hosted SaaS | OAuth into tenant · multi-tenant scheduling · signed evidence packets | $99–$499 / mo | "Hosted preview" — only when a real OAuth + tenant path exists; otherwise omit |
| 4 · KGE module | Embedded in-app dashboard inside the customer's own product, per kineticgain.com/embedded | $1.5K–$7.5K / mo | "Embedded available by engagement" — direct-contract phrasing, no signup form |
Tier-4 runtime SDK shipped (2026-05-30): kinetic-gain-embedded v0.1 — drop-in TypeScript SDK (Apache-2.0, zero runtime deps, dual ESM/CJS) for B2B SaaS embedders. Emits hash-chained audit events, enforces Decision Card vault contracts before AI tools touch sensitive data, signs with ed25519. 42 tests across 4 suites; CI matrix on Node 20+22. The runtime side of the Suite; hosted tiers stack on top.
Default for a tier-1-only repo: list tiers 1 + 2-planned only. No SaaS-looking promises without an OAuth + billing + tenant + support motion behind them.
Cross-cutting (every repo, no exceptions):
Phase 0 anchors (founder-credibility-ordered):
Three anchors prove the four-tier ladder in three distinct buyer contexts before the remaining 7 fill out at tier-1 + tier-2-planned. FirstUp deferred to second-tier priority — good fit, weaker instant recognition than IBM/Genesys/Camunda/UKG/Klaviyo/VWO.
The portfolio runs on two parallel layers that compose:
Green = spec layer (the foundation). Blue = the four cross-ecosystem hooks that make it a stack rather than a pile. Grey = supporting implementation tools that feed into either side. Amber = the tamper-evident audit spine every governance moment writes to. Purple = the unified MCP surface that exposes the whole thing to Claude through one config entry.
Zoom in on the amber spine: every governance moment in the stack writes to one hash-chained, tamper-evident log via audit-stream-py. Same opt-in env-var contract (AUDIT_STREAM_URL) across all seven producers; same best-effort semantics (a failed POST is logged, never raised). 17 event kinds, seven producers, four FastAPI services + three Rust crates, all feeding one verifiable narrative an auditor can replay end-to-end.
Blue = Python FastAPI producers. Tan = Rust producers (two libraries gated behind --features audit-stream so library consumers can strip out the HTTP dep, one axum service with the feature on by default). Amber = the spine itself. Grey = the three downstream surfaces auditors and operators consume.
Shipped 2026-05-31 as a coherent apex layer for the buyers who can't easily map a Suite spec to a same-day decision. Vanilla JS, inline CSS, JS<30KB per page, strict CSP, no login, no telemetry. Aligned in vocabulary with NIST AI RMF, EU AI Act, ISO/IEC 42001, GDPR Art. 28, ISO/IEC 27018, SOC 2 CC9.2 — never "compliant" / "certified" without external attestation.
| kineticgain.com/calculators/ | Six math-rubric calculators — AI build-vs-buy, cloud replatform ROI, compliance cost of delay, security breach exposure, AI use-case prioritizer, vendor renewal decision. Transparent formulas, dollar-impact ranges. | CFO · CIO · CTO · COO · Procurement |
| kineticgain.com/trust/ | Trust Pack — 8 tools — AI System Card Builder · Evidence Locker · Shadow AI Discovery · AI Vendor Intake · AI Incident Tabletop · Risk Register · Subprocessor Disclosure Template · Vendor AI Disclosure Review (Pulse compound). | Head of Trust · CISO · GC · DPO |
| kineticgain.com/portfolio-triage/ | 9-dimension per-portco scoring — verdict bands (help-now · operator-support · prepare-for-diligence · monitor · leave-alone), CSV/JSON/MD export. | PE operating partner · VC ops · Holdco |
| kineticgain.com/kill-list/ | Complexity tax audit — 8 drag categories × 3 prompts; ranked stop-doing list. | COO · Operations leader |
| kineticgain.com/policies/ | 10-vertical readiness spec aggregator — index linking the HIPAA/FERPA/ECOA/NAIC/EEOC/CFPB/OMB/ABA/NERC CIP/DFARS readiness specs from the Suite. | All buyers · readiness research |
Companion: kinetic-gain-embedded SDK ships a docs/sales/PROCUREMENT-PACKET.md — KGE-enabled 17-section fill-in template for the inverse audience (the SaaS founder selling INTO an enterprise security review, leveraging KGE's hash-chained audit + vault-contract tokenization as verifiable claims).
A 115-repo Codex squad backlog triaged + classified + 92% drained in one continuous session. Three coherent product lanes emerged in the first pass. A 4th lane (Sales Enablement) crystallized later same day from Codex's evening ship-out. A 5th lane (Executive Intelligence) followed from a 9-repo product-judgment triage — 5 surfaces survived buyer-distinguishability, 4 archived with supersession notes.
Distinct from /trust/ governance scaffolding and /calculators/ rubric math. Net-new lane after 10 exec-family duplicates were archived publicly with supersession notes pointing at the apex executive-tools layer.
| reality.kineticgain.com | CFO · Board · Vendor-claim review | Claims-vs-Reality Engine — vendor-claim/proof-gap scoring + board-ready diligence output |
| revenue.kineticgain.com | CRO · Growth Ops | Revenue Infrastructure Scorecard — pipeline integrity, attribution health, conversion-stack maturity |
| replace.kineticgain.com | CFO · CIO · Procurement | Vendor Replacement Intelligence — narrower than the rubric Vendor Renewal calc; surfaces switching-cost data |
| members.kineticgain.com | Growth Ops · WordPress | WordPress Member Journey Consent Kit — lifecycle consent evidence across login/profile/upgrade/cancel |
Pending Codex CI fixes (issues filed): identity.kineticgain.com · martech.kineticgain.com · experiments.kineticgain.com · margin.kineticgain.com.
Eight clinical / GxP-territory operator surfaces. Each explicitly states "no claim of HIPAA / GMP / GxP / FDA compliance" — readiness/posture/scaffolding only. Synthetic data, no patient/clinician/biotech secrets.
gxp (Change Control Board) · assay (Release Readiness) · capa (Deviation/CAPA Ledger) · narrative (Clinical Event Review) · diagnostics (QC Evidence Router) · instruments (Instrument Change Audit) · safety (Pharmacovigilance Signal Router) · specimen (Chain Of Custody Console)
Seven new entries to the Polyglot Platform Stack: 3 Julia (appeals Campaign Appeal Fatigue Monitor · treasury Liquidity Signal Lab · yield Forecast Studio), 3 R (care Variation Analysis · loss Claims Trend Lab · donors Cohort Risk Lab), 1 Python (outcomes Program Outcome Proof Ledger).
The seller-side counterpart to the buyer-trust tooling at /trust/. Four operator surfaces that compress the cycle time of vendor-diligence response — proof-gap monitoring, trust-center evidence packaging, security-questionnaire answering, RFP assembly. Same readiness/posture/scaffolding vocabulary discipline (no "compliant" / "certified" claims).
| proofgap.kineticgain.com | Sales · Diligence response | Vendor Proof Gap Monitor — claim coverage, evidence freshness, benchmark confidence, reuse safety |
| trust.kineticgain.com | Sales · Trust ops | Trust Center Evidence Room — evidence packaging, artifact freshness, review readiness, buyer-safe diligence posture |
| questionnaire.kineticgain.com | Sales · Security response | Security Questionnaire Answer Studio — answer library, response ownership, cycle-time reduction, trust-evidence reuse |
| rfp.kineticgain.com | Sales · Procurement response | RFP Response Assembler — RFP coverage, differentiation, evidence reuse, submission readiness |
Survivors of the 9-repo exec-family product judgment triage. Each carries a buyer-distinguishable promise (rather than the "executive-intelligence template prose" word-salad that got the other 4 archived).
| sparring.kineticgain.com | Founder · CEO · Board prep | Boardroom Sparring Partner — board-prep Q&A rehearsal, pushback, memo posture, investor-facing readiness |
| thesis.kineticgain.com | Founder · Fundraising | Category Thesis Builder — investor-ready category framing, why-now clarity, thesis-defensible narrative |
| exit.kineticgain.com | Founder · Pre-exit | Exit Room — exit-readiness intelligence, red flags, diligence gaps, investor-facing deal posture |
| style.kineticgain.com | Brand · Design system | Brand Governance Styleguide — approved tokens, pattern approvals, release-safe style posture |
| release.kineticgain.com | DevEx · Platform release | Release Readiness Shell Kit — bash-native launch blockers, rollback posture, freeze windows |
(Subdomain HTTPS provisioning is first-time-on-Pages; full SSL lands within 24h. HTTP confirms content is live.)
All 21 protocol PR-gate + governance Actions LIVE on GitHub Marketplace as of 2026-05-31. Each has v0.1.0 exact-version + floating v0.1 major-version tags for consumer pinning:
See full per-protocol breakdown under 🎯 PR-Gate GitHub Actions below.
kinetic-gain-embedded@0.1.1 published to npm with provenance attestation (Apache-2.0, dual ESM/CJS, zero runtime deps, Node 20+). Drop-in audit-stream + Decision Card vault contract SDK for B2B SaaS embedders:
Pricing tiers · ROI calculator · Procurement Packet template · Synthetic case study
| suite.kineticgain.com | Kinetic Gain Protocol Suite — canonical front door for all 11 open AI governance specs + NIST AI RMF crosswalk | Recruiters / investors / generalist |
| docs.kineticgain.com | Quickstart hub — per-role guides (CISO / district / healthcare vendor / answer engine) + canonical /.well-known/ path map | New visitors / implementers |
| directory.kineticgain.com | Vendor directory — curated list of domains publishing Kinetic Gain documents | Procurement reviewers |
| examples.kineticgain.com | Examples gallery — pick a spec, see its canonical example with JSON highlight | Developers / spec authors |
| walker.kineticgain.com | well-known-walker — paste any domain, see every Kinetic Gain disclosure it publishes | Procurement / Risk reviewers |
| bench.kineticgain.com | prompt-injection-bench — visual harness, paste a JSONL transcript, see pass rates | CISO / Red-team / Trust & Safety |
| pulse.kineticgain.com | AI Procurement Pulse — quarterly research index of vendor AI governance disclosure across the open internet | Journalists / Analysts / Buyers |
| aeo.kineticgain.com | AEO Protocol — interactive visualizer | Platform Eng / AEO |
| prompts.kineticgain.com | Prompt Provenance | LLM Platform / SRE |
| agents.kineticgain.com | Agent Cards | Platform Eng / Procurement |
| evidence.kineticgain.com | AI Evidence Format — WordPress reference impl: ai-evidence-block | RAG / Search / Answer engines |
| toolcards.kineticgain.com | MCP Tool Cards | MCP authors / Platform Sec |
| tutor.kineticgain.com | AI Tutor Cards | EdTech / District Procurement |
| student.kineticgain.com | Student AI Disclosure | Academic integrity / LMS |
| aup.kineticgain.com | Classroom AI AUP | District / school / instructor |
| clinical.kineticgain.com | Clinical AI Disclosure (HIPAA / FDA / SaMD) | Hospital CMIO / Compliance |
| incidents.kineticgain.com | AI Incident Card — "CVE for AI agents" | CISO / Trust & Safety |
| decisions.kineticgain.com | AI Procurement Decision Card — the buyer-side artifact (spec #11) | Procurement / District / Agency |
| gv.kineticgain.com | GitVisualizer — visual portfolio intelligence for any GitHub user | Engineering / Hiring |
| mcp.kineticgain.com | MCP Sentinel — governance dashboard for Model Context Protocol servers | CISO / Platform Security |
| rag.kineticgain.com | RAG Sentinel — hallucination, drift, and citation quality monitoring | ML / AI Ops |
| observe.kineticgain.com | AgentObserve — operator console for AI agent fleets | SRE / Platform |
Across the live property network: mix of AGPL-3.0 and Apache-2.0, CI green, push-to-deploy via FTP Action. The current mix includes React + TypeScript operator apps, hand-written static HTML landings, and newer vertical command surfaces.
Fifteen standalone vertical operator surfaces, each a TypeScript control plane for a regulated/operations workflow — intake → risk & obligation mapping → posture → safe escalation. Codex ships at v0.1-shipped; I (Platform/SRE) harden each to v1.0-prod: CI on Node 20 + 22, ≥60% service-test coverage, AGPL-3.0, Dependabot, npm audit, SECURITY.md, static prerender → GitHub Pages. All live, all CI-green.
| dockets → live | GovTech / RegTech | Regulatory comment intake, obligation mapping, approval posture, evidence-packaged submission (dockets.kineticgain.com provisioning) |
| clauses.kineticgain.com | LegalTech | Clause extraction, obligation graphs, review blockers, renewal-safe execution |
| priorauth.kineticgain.com | Digital Health | Prior-auth evidence routing, payer rules, approval-safe escalation |
| consent.kineticgain.com | Digital Health | Consent state, audit streams, revocation-safe escalation |
| shipments.kineticgain.com | Supply Chain | Shipment exceptions, carrier rules, SLA-safe recovery |
| downtime.kineticgain.com | Manufacturing | Downtime incidents, root-cause blockers, restart-safe escalation |
| dispatch.kineticgain.com | Mobility | Dispatch readiness, route adherence, SLA-safe intervention |
| catalog.kineticgain.com | Commerce | Catalog schema governance, dependency blockers, release-safe field changes |
| campaigns.kineticgain.com | Growth / MarTech | Campaign taxonomy, audience blockers, launch-safe conventions |
| creators.kineticgain.com | Creator economy | Partnership deal desk, obligation blockers, launch-safe collaboration |
| bookings.kineticgain.com | Travel / Hospitality | Booking disruptions, recovery blockers, guest-communication posture |
| permits.kineticgain.com | Construction / GovTech | Permit-package readiness, inspection posture, construction-safe submission |
| crops.kineticgain.com | AgriTech | Crop-compliance observations, field-review triage, buyer-safe packet posture |
| menus.kineticgain.com | Food / Restaurant Tech | Menu availability sync, channel posture, launch-safe conventions |
| stores.kineticgain.com | Retail / Store Ops | Store incident triage, SLA blockers, reopen-safe recovery posture |
HealthTech surfaces (priorauth, consent) are HIPAA-readiness scaffolding only — synthetic data, no PHI; see each repo's SECURITY.md.
Seventeen Action wrappers that turn every Kinetic Gain protocol library into a per-PR governance gate. Composite Node 20 actions with dist/index.js committed for SHA/tag pinning, hermetic tests with injected gitShow, AGPL-3.0-or-later, Dependabot-managed.
Each one retrieves the previous version of a single governance doc via git show <base.sha>:<path>, diffs against HEAD, posts the structured diff as a PR comment, and fails the build on breaking changes.
| A2A AgentCard | agent-card-diff-action | autonomy-level-elevated, tool-side-effects-elevated, incident-response-uri-removed, refusal-category-removed |
| MCP Tool Card | mcp-tool-card-diff-action | side-effect-class-escalated, pii-exposure-escalated, human-approval-removed, external-system-added, input-schema-changed |
| Prompt Provenance | prompt-provenance-diff-action | prompt-hash-changed, approval-state-regressed, lineage-parent-changed, intent-out-of-scope-changed |
| Evidence Bundle | evidence-bundle-diff-action | item-hash-changed, item-removed, signature-removed, signature-signer-changed, bundle-expires-shortened |
| OTel GenAI rollup | otel-genai-diff-action | cost-increased, input-tokens-jumped, output-tokens-jumped, model-added, currency-changed (configurable threshold) |
Each one summarizes a single doc against the rest of a fleet (a directory of peer docs of the same protocol), surfacing the outliers and posting a structured PR summary.
agent-card-fleet-summary-action · mcp-tool-card-fleet-summary-action · prompt-provenance-fleet-summary-action · evidence-bundle-fleet-summary-action · otel-genai-fleet-summary-action
The wiring that ties the per-protocol quintets together across mixed-content repos:
| kg-protocol-detect-action | Scans a directory of JSON docs and identifies which Suite protocol each belongs to. Routes mixed-content repos to the right per-protocol diff lane. |
| kg-suite-canonicalize-action | Canonicalizes every Suite doc in a directory (stable key ordering, hash-ready output). PR-gates drift between canonical and authored forms. |
| kg-suite-conformance-runner-action | Runs spec-conformance checks across every Suite doc in a directory; reports per-spec compliance + per-finding evidence. |
| kg-suite-fleet-overview-action | Protocol-aware fleet overview across all 5 governance protocols in one repo — buckets, doc counts, unrouted-document gate. |
| kg-suite-spec-version-tracker-action | Tracks the *_version discriminator across every Suite doc in a repo, fails the PR on unsanctioned spec-version upgrades. |
| llm-cost-rollup-action | Runs otel-genai-rollup across an OTLP trace export and gates the PR on cost budget breaches. |
| k8s-pre-merge-action | Composite gate across the K8s scanner family — deprecated APIs, RBAC over-scope, pod security, Helm values coverage — one Action, one PR comment. |
| procurement-pulse-action | Probes your own /.well-known/ for all 11 Suite documents and reports a 0-100 self-score + tier. Three output modes (PR comment / pulse-receipt JSON / self-score SVG badge), two gate modes (min-score threshold / min-tier ladder). Same probe core as the Pulse Issue crawler and the browser-extension Vendor Inspector. |
Composition story: kg-protocol-detect-action identifies what protocols live in the repo → the matching per-protocol *-diff-action gates breaking changes → the matching *-fleet-summary-action surfaces outliers across the fleet → kg-suite-conformance-runner-action checks spec conformance → kg-suite-canonicalize-action enforces stable serialization → procurement-pulse-action self-scores the deployed /.well-known/ surface. End-to-end PR governance with zero hand-rolled glue.
Dogfooded on kineticgain.com itself. Weekly procurement-pulse-action run probes the apex and refreshes the badge + the public receipt at kineticgain.com/.well-known/pulse-receipt.json.
A different discipline from the governance suite: a studio-grade, offline-first notepad at sveska.studio. No account, no telemetry, no cloud dependency — every note lives in the browser's IndexedDB and the app works with the network unplugged.
| Editor | CodeMirror 6 rich editor — inline screenshot paste, Markdown highlighting, slash commands, snippets, find/replace, typewriter; classic textarea opt-out |
| Depth | Multi-note tabs · version history + diff · fuzzy search · per-note Excalidraw canvas · streaming AI via a secure edge proxy (zero keys in the client) · .txt / .md / .html / .pdf export |
| Engineering | React 18 + TS strict · Zustand · Dexie · vite-plugin-pwa · 281 tests · <180 KB initial JS · accessibility-audited · Cloudflare Pages + edge function |
Repo: mizcausevic-dev/sveska · v0.8.0 · MIT
A family of eleven open JSON specifications for the answer-engine and agent era — five core (AEO, Prompt Provenance, Agent Cards, AI Evidence Format, MCP Tool Cards), a three-spec EdTech trio (vendor / district / student), a HealthTech vertical extension (Clinical AI Disclosure — HIPAA / FDA / SaMD posture), a cross-cutting AI Incident Card that ties everything together post-hoc, and an AI Procurement Decision Card that signs off on a vendor's posture across the rest of the Suite. Two regulated verticals covered. NIST AI RMF crosswalk shipped alongside. All AGPL-3.0, all v0.1 draft, all kinetic-gain-protocol-suite tagged. Single landing: kinetic-gain-protocol-suite.
| aeo-protocol-spec | AEO Protocol — entity declaration at /.well-known/aeo.json | aeo_version |
| prompt-provenance-spec | Prompt Provenance — versioned, lineaged, reviewable LLM prompt records | provenance_version |
| agent-cards-spec | Agent Cards — declarative agent capability + refusal disclosure | agent_card_version |
| ai-evidence-format-spec | AI Evidence Format — structured citations for LLM-generated claims | evidence_version |
| mcp-tool-card-spec | MCP Tool Cards — per-tool disclosure for Model Context Protocol servers | tool_card_version |
| ai-tutor-card-spec | AI Tutor Cards — EdTech vendor-side: pedagogy, FERPA/COPPA/GDPR posture | tutor_card_version |
| student-ai-disclosure-spec | Student AI Disclosure — student-side: roles, prompt evidence (full/hashed/omitted), artifact-hash binding | disclosure_version |
| classroom-ai-aup-spec | Classroom AI AUP — district / school / course-side policy (closes the EdTech trio) | aup_version |
| clinical-ai-disclosure-spec | Clinical AI Disclosure — HealthTech vendor-side: HIPAA / FDA / SaMD posture, bias audits, EHR (FHIR / CDS Hooks) | clinical_ai_card_version |
| ai-incident-card-spec | AI Incident Card — "CVE for AI agents," cross-references every other affected document in the Suite | incident_card_version |
| ai-procurement-decision-spec | AI Procurement Decision Card — buyer-side approval/rejection record that signs off on a vendor's posture across the rest of the Suite | decision_card_version |
The canonical depth example — every layer needed to consume the spec, across five languages:
| SDKs | aeo-sdk-python (live on PyPI) · aeo-sdk-typescript · aeo-sdk-rust · aeo-sdk-go · aeo-sdk-swift |
| CLI | aeo-cli — aeo validate / fetch / inspect / claim, colored output, end-to-end against the live well-known URL |
| Crawler | aeo-crawler — BFS over AEO graphs, JSON Lines output, configurable depth + concurrency |
| Validator service | aeo-validator-service — always-on HTTP validator for AEO + all 11 Suite docs. Auto-detects the spec via *_version sniffing, hashes canonically, tracks drift across re-checks (POST /watches/{id}/recheck returns a structured DriftReport). |
| Graph explorer | aeo-graph-explorer-rs — Rust + axum + petgraph graph-query service over aeo-crawler JSONL output. Ingests atomically; exposes /nodes · /neighbors · /shortest-path · /find-by-claim. The fifth layer of the AEO Reference Stack — 3→5 layers gap closed. |
hash-attestation-rs — sign + verify Suite docs with ed25519 over the same canonical-hash convention every other Suite repo uses. The missing "this AEO actually came from the vendor" layer. Vendors sign, publish a well-known public key URL, consumers verify. Composes with aeo-validator-service (tamper events surface as structured issues) and procurement-decision-api (Decision Cards can carry a signature).
The spec is only one layer. The newer control-plane layer covers citation readiness, publication safety, visibility monitoring, and release posture:
| aeo-citation-gap-finder | Detects weakly sourced, stale, or unsupported claims before they leak into answer-engine surfaces |
| llms-txt-governance-hub | Governs llms.txt manifests, exclusions, freshness windows, and release approvals |
| geo-competitive-visibility-tracker | Tracks answer-surface share, citation pressure, and competitor query ownership |
| aeo-registry | Governed inventory of manifests, claim readiness, freshness pressure, and publisher posture |
| aeo-linter | Rust CLI for manifest hygiene, source freshness, claim coverage, and answer-surface readiness |
| mcp-aeo-server | AEO-only MCP server — 4 tools, one Claude Desktop config entry |
| mcp-kinetic-gain | Unified MCP server — 71 tools across 11 specs + DefenseTech module (8 tools, v0.8.0, git-tagged), one Claude Desktop config entry, 126 tests passing. Headline tools: aup_check_compliance joins an AUP + Student AI Disclosure into a single allow/deny call; decision_card_validate enforces the full procurement Decision Card conditional ruleset; defensetech_vault_resolve_3axis resolves a (CUI, ITAR, foreign-person) tuple to the most-restrictive vault policy. |
| mcp-reliability-toolkit | Reliability MCP server — 4 tools (compute_slo_burn, design_rate_limiter, design_circuit_breaker, compose_reliability_pattern). Same math as slo-budget-tracker; emits drop-in Python + Rust configs from a Claude conversation. |
| mcp-decision-intelligence | Decision Intelligence MCP server — 4 tools (validate_decision_card, preview_policy_bundle, plan_incident_remediation, check_contract_compatibility). Read-only preview of what procurement-decision-api + policy-as-code-engine + incident-correlation-rs + data-contract-registry would do — deterministic, no LLM-in-the-loop reasoning. |
| mcp-permission-broker | Runtime permission gate — the enforcement point between an AI Procurement Decision Card and an MCP tool call. Composes Decision Card conditions into PolicyBundles, applies deny-trumps-allow at request time, emits tool_invocation_* events to the audit-stream spine. The piece that turns "buyer signed off" into "this tool call is denied." |
| azure-openai-governance-bridge | The Azure-native sibling of the broker. An Azure Function in front of Azure OpenAI that enforces the same deny-trumps-allow PolicyBundle contract on every chat-completion call (deployment + each declared tool), forwards allowed calls, 403/409s denied ones, emits tool_invocation_* to audit-stream-py. Bicep IaC included. Puts the Suite's governance on the data path enterprises actually run AI on. |
| aeo.kineticgain.com | aeo-visualizer | Dedicated AEO Protocol web visualizer |
| kinetic-gain-visualizer | kinetic-gain-visualizer | Unified visualizer — auto-detects the spec from the top-level *_version field and renders the appropriate view. Eleven specs auto-detected; five views: Visualize / Editor / Architecture / Tools / About |
| examples.kineticgain.com | kinetic-gain-examples-gallery | Examples gallery — sidebar of 11 specs, click any to see its canonical example rendered with JSON syntax highlighting |
| walker.kineticgain.com | well-known-walker-web | well-known-walker — paste any domain, see every Kinetic Gain disclosure document it publishes |
| bench.kineticgain.com | prompt-injection-bench-web | prompt-injection-bench visual harness |
The unified visualizer + unified MCP server give the Suite a complete read-side (human) and tool-side (agent) entry point. Eleven specs, two front doors, and a growing operator subdomain network.
| well-known-probe-js | Zero-dependency vanilla JavaScript probe for all eleven Suite documents at any domain's /.well-known/ paths. Runs in browser + Node 18+ + Deno + Bun. Returns a 0-100 disclosure score + tier + per-spec found/missing. Discriminator-aware (a 200 of the wrong JSON shape doesn't count). The shared core of the Vendor AI Disclosure Inspector. |
| kineticgain-vendor-inspector | Browser extension (MV3) + Greasemonkey userscript that score what AI governance documents any vendor publishes at /.well-known/, right from the toolbar (extension) or as an on-page corner badge (userscript). One shared probe core, two distribution surfaces, a build step that keeps both in sync. The client half of the distribution lane — Procurement Pulse runs the same probe server-side. |
| prompt-injection-bench | 30-attack prompt-injection corpus + Python harness. Every record back-references the Agent Card refusal_taxonomy[].category it tests, so a vendor can mechanically verify declared refusals hold under attack. Failed runs feed AI Incident Cards. Not a 10th spec — the testing-counterpart to the disclosure layer. |
Reliability primitives. Each independent. All designed to compose:
| rate-limit-shield | Python | Token bucket + circuit breaker + jittered retry, HTTP 429 / Retry-After awareness | SRE |
| identity-mesh | Python | SPIFFE-style JWT-SVID broker — short-lived tokens, audience binding, zero long-lived keys | CISO |
| agent-canary | Python | Progressive rollout, shadow mode, sticky-percent routing, auto-rollback | Platform / SRE |
| model-registry-pro | Python | Model lifecycle catalog: lineage, stage promotion, approval gates | Platform / MLOps |
| slo-budget-tracker | Python | SLO + error-budget library, FastAPI middleware, Prometheus exporter, multi-window burn-rate alerts | SRE |
| reliability-toolkit-rs | Rust | Async Tokio primitives: token-bucket rate limiter · 3-state circuit breaker · exponential-backoff retry with jitter · bulkhead | SRE / Platform |
| feature-flag-rs | Rust | Server-side feature flag eval — targeting rules, sticky percentage rollouts (SHA-256 bucketing, no RNG), hot reload | Platform / SRE |
| request-shadow-rs | Rust | Async request mirroring with sampling + divergence detection — fires both legs concurrently, returns the primary while collecting a structured diff. The SRE primitive for safe migrations | SRE / Platform |
| audit-stream-py | Python | Append-only governance event stream for the whole portfolio. Hash-chained for tamper-evidence, SSE for live tailing, REST for queries. Every other portfolio repo is a producer. Platform Reliability Stack #10 — the 10+ target is hit. | SRE / Compliance |
Identity at the edge → rate limits at the model → canary at deploy → registry as source of truth → SLO budget at the API surface → Rust primitives for hot paths → feature flags for rollout control → shadow traffic for migrations → tamper-evident audit log. Defense-in-depth for the agent era.
The 17 defensive layers actually running across the portfolio are inventoried and independently verifiable at kineticgain.com/trust/security-posture/ — published the same way I ask vendors to publish theirs. Plus ed25519-signed /.well-known/ docs · npm provenance · CycloneDX SBOM.
Dependabot on 410 repos · CodeQL on 98 · OpenSSF Scorecard on 52 (strict subset of CodeQL) · SHA-pinned actions across 558 uses: lines (measured 2026-06-04).
Production-shaped backend services in the right language for the problem. 15+ languages across one coherent platform.
| Go | edge-policy-enforcer | Edge request governance, bot handling, redirect control |
| Go | latency-budget-enforcer | Latency budget enforcement, dependency drag review |
| Rust | crawl-anomaly-detector | Crawl log anomaly scoring, indexing risk review |
| Rust | support-escalation-router | Support queue escalation, SLA pressure scoring |
| Java | compliance-event-ledger | Spring Boot immutable compliance event history |
| C# | tenant-isolation-guard | ASP.NET Core tenant-boundary policy evaluation |
| C# | approval-workflow-orchestrator | ASP.NET Core approval routing, SLA-aware escalation |
| Kotlin | release-readiness-gatekeeper | Release gate evaluation, dependency readiness scoring |
| Kotlin | reliability-policy-coordinator | Dependency drag review, error-budget policy |
| Scala | policy-decision-simulator | Policy simulation for governance scenarios, launch gates |
| Elixir | incident-handoff-broker | Incident routing, SLA-aware handoff scoring |
| Ruby | message-retention-guardian | Retention policy enforcement, legal hold protection |
| PHP | entitlement-request-portal-api | Entitlement requests, approval routing, access review |
| Dart | mobile-briefing-companion | Flutter mobile app for executive briefings, signal summaries |
| Terraform | platform-foundation-blueprint | Multi-environment networking, IAM blueprint |
| Go | grpc-mesh-shadow | gRPC shadow traffic mirroring, divergence detection, sampling |
| Go | miz-otel-pack | OpenTelemetry SpanProcessor — GenAI spans → business cost/latency spans |
| Rust | wasm-policy-gateway | WASI policy engine — geo + rate-limit + A/B routing, ~128 KB module |
| Rust | bls-attestation-broker | BLS12-381 aggregate signatures for multi-signer attestation |
| Zig | zig-agent-graph-db | In-memory directed graph for agent context, stdlib only |
| Haskell | haskell-policy-engine | Type-safe policy DSL with Hspec + QuickCheck properties |
| Python | embedding-drift-graph | Track cosine drift of entity embeddings across encoder versions, GraphQL API |
| Python | audit-graph-explorer | Neo4j + Cypher relationship-driven audit analysis |
| Python | secret-rotation-scheduler | Secret rotation windows, owner prompts, stale-secret detection |
| Python | warehouse-reconciliation-engine | Source-to-warehouse drift detection, finance-grade reconciliation |
| Python | data-quality-guardrail | Schema drift, freshness lag, null spike detection |
| dbt + DuckDB | dbt-search-observatory | Search console, crawl, index coverage, freshness modeling |
| SQL Warehouse | search-observability-warehouse | Crawl analytics, indexation, technical SEO observability |
Production-shaped governance and observability for AI / LLM workloads:
| procurement-decision-api | Python | First cross-ecosystem bridge in the portfolio. Drafts AI Procurement Decision Cards from a buyer rubric and vendor Suite documents (AEO + agent-card + tool-card + ai-evidence + …). Connects Kinetic Gain Protocol Suite (spec #11) with Decision Intelligence. Pydantic v2, FastAPI, httpx async, NIST AI RMF crosswalk linked from the OpenAPI spec. |
| policy-as-code-engine | Python | Companion to procurement-decision-api. Declarative policy evaluator — JSON/YAML rules, first-match-wins, deny-trumps-allow. Headline: POST /bundles/from-decision-card turns a Decision Card's conditions into a runtime-enforceable PolicyBundle. Closes the loop from "buyer signed off" to "request gated." |
| incident-correlation-rs | Rust | Walks the Suite graph from an AI Incident Card and emits a structured remediation plan. BFS over typed SuiteEdges; DecisionCard → RecheckPolicy, Vendor → RequestReview, AEO/agent/tool → Revalidate. petgraph under the hood. The piece that turns "we had an incident" into "here's exactly what to touch next." |
| briefing-intelligence-engine | Python | Executive briefing scoring, narrative generation, risk ranking |
| signal-orchestration-lab | Python | Dependency-aware signal routing, escalation sequencing |
| decision-memory-engine | Python | Decision history, rationale recovery, stale assumption tracking, and revisit posture |
| evidence-ranking-engine | Python | Evidence packet ranking by trust score, freshness, contradiction pressure, and citation density |
Executive dashboards, control planes, decision studios — organized by domain:
Executive & Portfolio executive-briefing-studio · portfolio-command-center · executive_operations_dashboard · scenario-planning-atlas
Revenue & Growth customer-intelligence-graph · growth-systems-control-room · revenue-forecasting-workbench · attribution-intelligence-studio · pricing-experiment-studio · conversion-funnel-intelligence-hub · deal-desk-workspace
AI Governance & Risk ai-governance-review-studio · model-risk-oversight-hub · vendor-risk-operations-center · compliance-workflow-hub · ai-operations-console
Identity & Security identity-command-center · identity-lifecycle-workbench · security-posture-control-room
Workflow & Operations workflow-orchestration-studio · feature-flag-rollout-studio · ab-testing-command-center · customer-journey-control-plane
Spec-first OpenAPI services:
Identity-Access-Audit-API · observability-incident-command-api · customer-health-churn-api · partner-lead-distribution-engine · content-workflow-intelligence-platform · experimentation_insights_kpi · seo-governance-platform · webhook-ingestion-pipeline · kinetic-api-gateway · revenue-ops-ai-assistant
The newer CMS lane is not brochure work. It is governance, preview trust, query discipline, cache freshness, schema safety, and contract protection for headless WordPress estates:
wordpress-block-seo-governance-auditor · wordpress-graphql-governance-gateway · headless-seo-fallback-engine · headless-preview-recovery-kit · wpgraphql-query-cost-inspector · frontend-contract-testing-for-wordpress · headless-editorial-command-center · headless-wp-vue-starter · wpgraphql-schema-diff-gate · wordpress-cache-invalidation-map · wordpress-preview-trust-monitor · wp-kinetic-gain-audit
This cluster now covers answer-surface safety, preview recovery, metadata fallback, query cost, frontend payload contracts, editorial release readiness, schema-drift approval gates, cache invalidation mapping, preview trust monitoring, and — via wp-kinetic-gain-audit — a tamper-evident MySQL hash-chained governance audit log that plugs WordPress straight into the Suite's audit-stream-py spine.
Commercially legible systems work across access review, evidence plumbing, connector testing, workflow infrastructure, and HR-to-identity provisioning:
cyberark-access-review-sync · cyberark-connector-observability-exporter · servicenow-cyberark-evidence-pipeline · ibm-custom-connector-starter · ukg-to-scim-provisioner · camunda-connector-test-harness
| data-contract-registry | Schema registry for data contracts. Semver versioning, compatibility checks (backward / forward / full), declared owners, freshness SLAs. Bridges to procurement-decision-api via POST /contracts/owners/from-decision-card — buyer + decision_maker from a Decision Card become the contract's paging targets. Cross-ecosystem hook #3. |
| csv-data-quality-rs | Rust streaming CSV validator against a data-contract-registry contract. Async, row-by-row, structured violation report (required / bad_type / enum_mismatch / column_count_mismatch / invalid_json). Memory cost is proportional to max_samples, not file size. Cross-ecosystem hook #4. |
| sql-contract-enforcer | Cross-dialect DDL from a data contract — CHECK / NOT NULL / UNIQUE / PK / FK for Postgres, MySQL, Snowflake, BigQuery (dialect-aware: BigQuery demotes CHECK/UNIQUE to comments + PK/FK to NOT ENFORCED; Snowflake informational; MySQL VARCHAR lengths). Plus a contract-vs-schema violation checker for CI. Cross-ecosystem hook #5 — enforces at the table boundary what the registry declares and csv-data-quality-rs validates row-wise. |
| revops-database-lab | PostgreSQL revenue modeling lab. |
| revenue-intelligence-db | Attribution + forecast + renewal-risk reporting. |
| cloud-cost-intelligence-dashboard | Cloud cost intelligence dashboards. |
| semantic-metrics-catalog | Governed metric definitions, ownership lanes, semantic contracts, and freshness posture. |
| attribution-warehouse-lab | Warehouse-first attribution modeling, path analysis, and governed revenue-credit logic. |
| pg-audit-stream-extension | Postgres extension (PL/pgSQL) that emits audit-stream-py-compatible governance events on watched table CRUD via pg_notify, plus a Python LISTEN bridge daemon. Database-tier governance — the spine's 8th producer, catching DML the application path would miss. PG14-17, CI green. |
| procurement-pulse-engine | The crawl + aggregate engine behind pulse.kineticgain.com. Probes a universe of vendor domains for all 11 Suite documents (vendored well-known-probe core), aggregates publication rate by vertical + per-spec + leaderboard. Issue #1 ran the first real baseline: 0.0% across 37 domains — the honest starting line. |
| Languages | Python · TypeScript · Go · Rust · Java · C# · Kotlin · Scala · Elixir · Ruby · PHP · Dart · Swift · Zig · Haskell · SQL · HCL · dbt |
| Backend | FastAPI · Express · Spring Boot · ASP.NET Core · Javalin · Cowboy/Plug · WEBrick |
| Frontend | React 19 · Vue 3 · Flutter · TypeScript · Vite · Tailwind · Recharts · Motion |
| Data | PostgreSQL · DuckDB · dbt · Neo4j · Pandas · Pydantic |
| AI / Platform | SPIFFE zero-trust identity · governance-as-code · LLM routing · token-cost attribution · OpenAPI specs · MCP servers · OpenTelemetry GenAI · BLS aggregate signatures · WASI · spec authorship |
| CI/CD | GitHub Actions · FTP auto-deploy · Hostinger · AGPL-3.0 licensing |
Open to Director / Principal-level Platform Engineering, Web Engineering, or AI Platform roles at enterprise B2B SaaS companies. East Coast time zone. Remote-friendly.
All active repositories · Career one-pager
Connect: LinkedIn · Kinetic Gain · Medium · Skills
Node.js + Express REST API for B2B SaaS lead scoring, campaign visibility, and revenue workflow automation
JavaScript
Governance and observability layer for enterprise RAG systems. Chunk quality scoring, source freshness audits, retrieval drift detection, hallucination signals, and PII leakage scanning across ever…
TypeScript 1
MCP server for AI Tutor Card disclosures. Six tools for procurement review, curriculum matching, and FERPA / COPPA compliance auditing of AI tutors. EdTech-flavored extension of the Kinetic Gain Pr…
TypeScript
Unified MCP server for all 11 Kinetic Gain Protocol Suite specs + DefenseTech module (8 tools) — 71 callable tools (47 spec + 16 implementation + 8 DefenseTech). One Claude Desktop config entry. St…
TypeScript
Open 30-attack prompt-injection corpus + Python harness with Agent Card refusal-taxonomy back-references. 10 attack categories, 4-level severity, 5 scoring methods. Pairs with the Kinetic Gain Prot…
Python
Decoupled WordPress + Vue starter with WPGraphQL contracts, preview-safe rendering, and SEO-conscious delivery.
TypeScript