Open governance protocols for the agent era.
A family of eleven open JSON specifications for declaring what an AI system is, what it does, what it refuses, what evidence it carries, what regulatory class it falls under, and what happens when it fails. Plus eleven regulated-vertical 6-packs — HealthTech · EdTech · PropTech · InsurTech · HR Tech · FinTech · GovTech · LegalTech · EnergyTech · DefenseTech · RetailTech — that fan the same six canonical artifact shapes across 66 sibling spec repos. One unified MCP server, one hosted validator, one audit-stream spine. Specs MIT, reference implementations AGPL-3.0.
The suite at a glance
Each spec carries a top-level <name>_version field. The unified visualizer auto-detects which spec a document is in by inspecting that field. The MCP server exposes fetch / validate / inspect / cross-spec-join tools for all eleven specs.
- AI Tutor Cards: what an AI tutor does (vendor-side)
- Classroom AI AUP: what AI use is permitted (district / school / course)
- Student AI Disclosure: what the student actually did (per artifact)
A grader, LMS, or compliance checker joins all three: "Is this submission allowed?" → O(1) lookup.
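The three-way join above, written out as an added example (this is not the Suite's code, and the field names it uses, id, capabilities, permitted_tools, permitted_roles, ai_roles, artifact_hash, prompt_evidence, are assumptions standing in for whatever the published schemas actually call them). It first sorts each document by its *_version discriminator, then binds the disclosure to the artifact by hash, and only then checks tool, role and evidence gates, denying if any one fails:

```python
"""Join a Tutor Card, a Classroom AI AUP and a Student AI Disclosure to answer
"is this submission allowed?".  Added example, not the Suite's own code: the
field names (id, capabilities, permitted_tools, permitted_roles, ai_roles,
artifact_hash, ...) are assumptions standing in for the published schemas."""
from __future__ import annotations
import hashlib
import json

# *_version discriminator -> spec, mirroring the auto-detection the page describes.
VERSION_FIELDS = {
    "tutor_card_version": "tutor_card",
    "aup_version": "aup",
    "disclosure_version": "disclosure",
}


def detect_spec(doc: dict) -> str:
    """Return the spec a document belongs to; reject docs with zero or several version fields."""
    found = [VERSION_FIELDS[k] for k in doc if k in VERSION_FIELDS]
    if len(found) != 1:
        raise ValueError(f"expected exactly one *_version field, found {found}")
    return found[0]


def artifact_hash(content: bytes) -> str:
    """Binding hash the disclosure carries so it cannot be reused for another artifact."""
    return "sha256:" + hashlib.sha256(content).hexdigest()


def check_submission(tutor_card: dict, aup: dict, disclosure: dict,
                     artifact: bytes) -> tuple[str, list[str]]:
    """Return ("allow" | "deny", reasons).  Deny by default: every gate must pass."""
    reasons: list[str] = []
    # 1. Each document must be the spec we expect before any of its fields is trusted.
    for doc, want in ((tutor_card, "tutor_card"), (aup, "aup"), (disclosure, "disclosure")):
        got = detect_spec(doc)
        if got != want:
            reasons.append(f"document is {got}, expected {want}")
    if reasons:
        return "deny", reasons
    # 2. The disclosure must be bound to exactly this artifact.
    if disclosure["artifact_hash"] != artifact_hash(artifact):
        reasons.append("disclosure artifact_hash does not match the submitted artifact")
    # 3. The tool the student names must have a Tutor Card and be on the AUP allow-list.
    tool_id = disclosure["tool_id"]
    if tool_id != tutor_card["id"]:
        reasons.append(f"disclosure names {tool_id!r} but the Tutor Card is for {tutor_card['id']!r}")
    if tool_id not in aup["permitted_tools"]:
        reasons.append(f"tool {tool_id!r} is not permitted by the AUP")
    # 4. Every AI role the student declares must be permitted by the AUP *and* be a
    #    capability the vendor actually declares for the tool.
    for role in disclosure["ai_roles"]:
        if role not in aup["permitted_roles"]:
            reasons.append(f"role {role!r} is not permitted by the AUP")
        if role not in tutor_card["capabilities"]:
            reasons.append(f"role {role!r} is not a declared capability of {tool_id!r}")
    # 5. The AUP may require the student to attach prompt evidence.
    if aup.get("require_prompt_evidence") and not disclosure.get("prompt_evidence"):
        reasons.append("AUP requires prompt evidence and the disclosure carries none")
    return ("deny" if reasons else "allow"), reasons


# Constructed sample documents for the demo (not real Suite artifacts).
ESSAY = b"The revolutions of 1848 had three overlapping causes..."
TUTOR_CARD = {"tutor_card_version": "0.1", "id": "acme-tutor",
              "capabilities": ["brainstorm", "grammar_feedback"]}
AUP = {"aup_version": "0.1", "scope": "course:HIST-101",
       "permitted_tools": ["acme-tutor"],
       "permitted_roles": ["brainstorm", "grammar_feedback"],
       "require_prompt_evidence": True}
DISCLOSURE = {"disclosure_version": "0.1", "tool_id": "acme-tutor",
              "ai_roles": ["brainstorm"],
              "prompt_evidence": [{"prompt": "help me outline the causes of 1848"}],
              "artifact_hash": artifact_hash(ESSAY)}


def demo() -> tuple[tuple[str, list[str]], tuple[str, list[str]]]:
    """Run the check on the matching artifact and on a copy edited after disclosure."""
    ok = check_submission(TUTOR_CARD, AUP, DISCLOSURE, ESSAY)
    edited = check_submission(TUTOR_CARD, AUP, DISCLOSURE, ESSAY + b" (edited after disclosure)")
    return ok, edited


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The hash binding is the check that matters most: without it a disclosure written for one essay is a free pass for any other, which is why the disclosure row in the table below is the one artifact that has no well-known path and travels with the thing it describes.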
All eleven specs
| Spec | What it declares | Detect via | Well-known path |
|---|---|---|---|
| AEO Protocol | Entity declaration · authoritative claims · citation preferences | aeo_version | /.well-known/aeo.json |
| Prompt Provenance | Versioned, lineaged, reviewable LLM prompt records | provenance_version | — |
| Agent Cards | Declarative agent capability + refusal disclosure | agent_card_version | /.well-known/agents/<id>.json |
| AI Evidence Format | Structured citations for LLM-generated claims | evidence_version | — |
| MCP Tool Cards | Per-tool disclosure for MCP servers | tool_card_version | /.well-known/mcp-tools/<name>.json |
| AI Tutor Cards (EdTech) | EdTech vendor-side · pedagogy · FERPA/COPPA/GDPR posture | tutor_card_version | /.well-known/tutors/<id>.json |
| Student AI Disclosure (EdTech) | Student-side · roles · prompt evidence · artifact-hash binding | disclosure_version | — (travels with artifact) |
| Classroom AI AUP (EdTech) | District / school / course AI policy | aup_version | /.well-known/ai-aup.json |
| Clinical AI Disclosure (HealthTech) | HIPAA / FDA / SaMD posture · bias audits · EHR integration | clinical_ai_card_version | /.well-known/clinical-ai/<id>.json |
| AI Incident Card (cross-cutting · vendor-side) | "CVE for AI agents" · references every other document | incident_card_version | /.well-known/ai-incidents/<id>.json |
| AI Procurement Decision Card (cross-cutting · buyer-side) | Buyer's procurement review outcome · documents reviewed · conditions · rationale · v0.2 adds data_vault_targets[] (Skyyflow-shaped field-level vault contract) powering rag-sentinel, deal-desk-workspace, kg-skyyflow-klaviyo-bridge, and the bridge console · v0.3 adds retention_envelope[] (per-field TTL + redaction action + ed25519-signed deletion-proof endpoint) | decision_card_version | /.well-known/decisions/<id>.json |
Two front doors
The hosted validator is the buyer-side entry point — paste a vendor's JSON, get a procurement-grade report. The unified MCP server is the agent-side entry point — every spec becomes a callable tool. Eleven specs, two front doors.
validator.kineticgain.com
Paste any Suite JSON in the browser and get a procurement-grade validation report. Auto-detects which of the eleven specs the document belongs to via its *_version field, then validates against the canonical JSON Schema 2020-12. Errors surface as inline markers in a Monaco editor with line numbers.
open https://validator.kineticgain.com
- 10 schemas bundled — no network at validation time
- Inline error markers with jump-to-line
- Companion: full React visualizer with 10 procurement-grade renderers
mcp-kinetic-gain
71 tools across all 11 specs + DefenseTech 6-pack + 5 cross-cutting operation categories, v0.8.0, published on npm with provenance and on the official MCP Registry. One Claude Desktop / Cursor / MCP-client config entry. Headline cross-spec tools: aup_check_compliance (AUP + Student AI Disclosure → allow/deny), decision_card_to_policy_bundle (Decision Card → runtime PolicyBundle preview), attestation_verify (ed25519 signatures over canonical hashes), audit_chain_verify (walks a hash-chained governance event log), suite_doc_drift (structural diff between two doc versions). v0.6.0 adds 13 implementation-tooling preview tools that wrap the 15-repo implementation stack at preview scale — read-only, deterministic, no HTTP round trip. v0.7.0 adds live audit-stream tools so an agent can emit, query, and verify governance events from chat. v0.8.0 adds the DefenseTech 6-pack: 3-axis vault resolver (CUI tier × export-control × foreign-person), CUI distribution-statement / ITAR us-person / DFARS 72-hour-clock invariants, CMMC evidence-bundle summarizer, and Incident Card event-type classifier.
npx -y mcp-kinetic-gain validate <files...>
- 126 tests pass · typecheck clean · build clean
- Live on npm + Official MCP Registry + mcp.so · auto-published on tag
- Sibling MCP servers: mcp-reliability-toolkit · mcp-decision-intelligence
Suite × Implementations — the 15-repo stack
The Suite is a set of specs. The implementation stack is the software that consumes them. Open-source repos across Tiers A–E, all CI-green, semver-tagged at v0.1.0, MIT-licensed. Five cross-ecosystem hooks chain them into one composable system: procurement-decision-api drafts Decision Cards from Suite docs → policy-as-code-engine turns conditions into runtime gates → data-contract-registry extracts owners from the same Decision Card → csv-data-quality-rs validates produced CSVs row-by-row → sql-contract-enforcer compiles the same contract into cross-dialect table DDL. And the Decision Card now enforces at three runtime layers: the MCP tool call (mcp-permission-broker), the Azure OpenAI call (azure-openai-governance-bridge), and the database table (sql-contract-enforcer).
procurement-decision-api
FastAPI service that drafts AI Procurement Decision Cards from a buyer rubric and a set of vendor Suite documents (AEO + agent-card + tool-card + ai-evidence + …). The first cross-ecosystem bridge in the portfolio — Suite × Decision Intelligence.
- Companions: policy-as-code-engine (runtime enforcement) · data-contract-registry (owner extraction)
- NIST RMF: GOVERN 5.1, MAP 3.1, MEASURE 2.5, MANAGE 1.2 (Full)
audit-stream-py
Append-only governance event stream for the whole portfolio. Hash-chained for tamper-evidence; Server-Sent Events for live tailing; REST for queries. Every other portfolio repo is a producer — decision_card_drafted, policy_bundle_registered, watch_drifted, attestation_verified, contract_promoted, incident_filed.
- 18 event kinds across 8 producer repos · GET /verify walks the chain end-to-end
- Platform Reliability Stack repo #10 — the 10+ target hit
aeo-graph-explorer-rs
HTTP graph-query service over aeo-crawler JSON-Lines output. axum + petgraph, atomic POST /ingest, exposes /nodes · /neighbors · /shortest-path · /find-by-claim. The fifth layer of the AEO Reference Stack — 3→5 layers gap closed.
- SDKs → CLI → Crawler → Validator service → Graph explorer
- Companion: aeo-validator-service (drift detection across watches)
hash-attestation-rs
Sign + verify Suite documents with ed25519 over the same canonical-hash convention every other Suite repo uses. The missing "this AEO actually came from the vendor" layer. Vendors sign, publish a well-known public key URL, consumers verify before they trust the document.
- Composes with aeo-validator-service (tamper events) and procurement-decision-api (signed Decision Cards)
- NIST RMF: MAP 2.2 (provenance), MEASURE 2.8 (transparency)
Full catalog of all 15 repos — grouped by buyer (procurement reviewer · AEO consumer · data team · SRE · MCP integrator) — is in the Suite × Implementations section of the meta-repo README.
The Vault Contract Pattern — one Decision Card field, four runtime surfaces
The AI Procurement Decision Card v0.2 added a single field — data_vault_targets[] — that names the fields a buyer authorizes a vendor to read, the protection level required at rest, and the roles permitted to reveal them. That one field is the spine of a complete vault contract: the buyer signs it as part of procurement, four open-source reference surfaces enforce it at runtime, and every read/reveal/transform event lands on the same hash-chained audit-stream the rest of the Suite uses.
The pattern is vault-vendor-shaped but vendor-neutral — the field names match Skyflow's vault-contract vocabulary, but the runtime targets work against any tokenization vault (Skyflow, Privacera, Very Good Security, in-house). What buyers get is a single procurement signature that travels into the retrieval index, the deal-desk UI, the marketing connector, and the operator console — without any of them learning a raw PII value they aren't authorized to see.
rag-sentinel
The retrieval-layer enforcer. Intercepts documents on the way into a vector store, tokenizes every data_vault_targets[] field per the Decision Card's protection level (None · Masked · Tokenized · Encrypted), and stamps the chunk with the vault-token reference. Embeddings index the token, never the raw value — so the index is procurement-clean even if the LLM is compromised.
- Where it sits: between your ingest pipeline and your vector DB
- Buyer outcome: a RAG corpus that can't leak fields procurement didn't authorize
deal-desk-workspace
The seat-of-work enforcer. A deal-desk operator UI that reads the Decision Card's reveal_roles for each vault field and renders accordingly — a sales engineer sees a token, a compliance officer sees the masked tail, a principal sees the unredacted value. Every reveal click writes a vault_field_revealed event into the audit-stream with the role, the field, and the token reference.
- Where it sits: the human-in-the-loop surface for vault data
- Buyer outcome: a reveal log that survives an audit without a SIEM lift
kg-skyyflow-klaviyo-bridge
The marketing-connector enforcer. A TypeScript bridge library that sits between a vault and an outbound marketing platform (Klaviyo) — the buyer's Decision Card describes which fields can flow through to which downstream lists, in which protection state (raw / masked / tokenized). Every transform is a typed pipeline step with a reversible test fixture; nothing leaves the bridge that wasn't authorized in writing.
- Where it sits: the egress edge of your marketing stack
- Buyer outcome: a connector that ships a contract change in PR, not a hot deploy
skyyflow-klaviyo-bridge-console
The operator-readable companion to the bridge library. React 19 + slate-indigo Bento dashboard: live sync log of each transform run, dead-letter queue with retry semantics, a Schema Mapper page that diffs the active Decision Card's data_vault_targets[] against the connector configuration, and a Security Assets page that lists what's tokenized vs. what's still raw. The operator console for a contract, not just a connector.
- Where it sits: alongside the bridge for ops + procurement review
- Buyer outcome: a single screen procurement can audit between renewals
How it composes. The four surfaces don't share a runtime — they share the same JSON field on the same procurement document. A vendor accepts the Decision Card; rag-sentinel reads data_vault_targets[] to decide what tokenizes on ingest; deal-desk-workspace reads reveal_roles to decide who sees what at the UI; kg-skyyflow-klaviyo-bridge reads the protection levels to decide what propagates to Klaviyo; and the bridge console reads all of the above to render the live posture. One signature, four enforcement layers, one audit trail — and any of the four is opt-in. Buyers can adopt the pattern incrementally without committing to a fifth vendor.
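The two enforcement positions that matter most for leakage, ingest (rag-sentinel's seat) and reveal (deal-desk-workspace's seat), as one added example driven by a single data_vault_targets[] contract. This is not code from any of the four repos: the entry shape {field, protection, reveal_roles}, the in-memory vault, the HMAC token derivation and the event names are assumptions standing in for a real tokenization vault and the real schema. It goes slightly beyond the text in one respect: Tokenized fields get deterministic tokens (equal values still join in the index) while Encrypted fields get random handles (not even equality leaks), which is the difference a buyer is choosing between when picking a protection level.

```python
"""One data_vault_targets[] contract enforced at two surfaces: ingest (what may
enter an index, and in what state) and reveal (who may see the raw value).
Added example, not rag-sentinel or deal-desk-workspace code.  The entry shape
{field, protection, reveal_roles}, the in-memory vault and the HMAC token
derivation are assumptions standing in for a real tokenization vault."""
from __future__ import annotations
import hashlib
import hmac
import secrets

VAULT_KEY = secrets.token_bytes(32)   # stand-in for the vault's tokenization key
_vault: dict[str, dict] = {}          # handle -> {"field", "value"}; lives in the vault, never the index
AUDIT: list[dict] = []                # events that would be posted to the audit-stream


def _store(prefix: str, field: str, value: str, deterministic: bool) -> str:
    """Put the raw value in the vault and return an opaque handle.
    Tokenized fields use an HMAC so equal values get equal tokens (joins still work in
    the index); Encrypted fields get a random handle so not even equality leaks."""
    if deterministic:
        tag = hmac.new(VAULT_KEY, f"{field}\0{value}".encode(), hashlib.sha256).hexdigest()[:16]
    else:
        tag = secrets.token_hex(8)
    handle = f"{prefix}_{field}_{tag}"
    _vault[handle] = {"field": field, "value": value}
    return handle


def mask(value: str) -> str:
    """Keep the last four characters, hide the rest."""
    return "*" * max(len(value) - 4, 0) + value[-4:]


def apply_contract(record: dict, targets: list[dict]) -> dict:
    """Ingest-time enforcement (rag-sentinel's position).  Every field is transformed per
    its protection level; a field procurement never named is dropped, not passed through."""
    by_field = {t["field"]: t for t in targets}
    chunk: dict = {}
    for field, value in record.items():
        target = by_field.get(field)
        if target is None:
            AUDIT.append({"kind": "vault_field_dropped", "field": field})
            continue
        level, value = target["protection"], str(value)
        if level == "None":
            chunk[field] = value
        elif level == "Masked":
            chunk[field] = mask(value)
        elif level == "Tokenized":
            chunk[field] = _store("tok", field, value, deterministic=True)
        elif level == "Encrypted":
            chunk[field] = _store("enc", field, value, deterministic=False)
        else:
            raise ValueError(f"unknown protection level {level!r} for {field}")
        AUDIT.append({"kind": "vault_field_ingested", "field": field, "protection": level})
    return chunk


def reveal(handle: str, role: str, targets: list[dict]) -> str:
    """Reveal-time enforcement (deal-desk's position).  Only roles listed in the field's
    reveal_roles see the raw value; everyone else gets the masked tail.  Every attempt,
    allowed or not, is written to the audit log with role, field and handle."""
    entry = _vault[handle]
    target = next(t for t in targets if t["field"] == entry["field"])
    allowed = role in target["reveal_roles"]
    AUDIT.append({"kind": "vault_field_revealed", "role": role, "field": entry["field"],
                  "handle": handle, "outcome": "raw" if allowed else "masked"})
    return entry["value"] if allowed else mask(entry["value"])


# Constructed Decision Card excerpt and record (not a real vendor document).
TARGETS = [
    {"field": "email",   "protection": "Tokenized", "reveal_roles": ["principal", "compliance"]},
    {"field": "ssn",     "protection": "Encrypted", "reveal_roles": ["principal"]},
    {"field": "phone",   "protection": "Masked",    "reveal_roles": ["principal"]},
    {"field": "company", "protection": "None",      "reveal_roles": []},
]
RECORD = {"email": "ana@example.com", "ssn": "123-45-6789", "phone": "+1 617 555 0199",
          "company": "Example Corp", "notes": "free text procurement never authorized"}


def demo() -> tuple[dict, dict]:
    """Ingest the same record twice and return both chunks: tokens repeat, enc handles do not."""
    return apply_contract(RECORD, TARGETS), apply_contract(RECORD, TARGETS)


if __name__ == "__main__":
    first, second = demo()
    print(first)
    print("sales engineer sees:", reveal(first["email"], "sales_engineer", TARGETS))
    print("compliance sees:   ", reveal(first["email"], "compliance", TARGETS))
```

Two choices worth copying whatever vault you actually use: an unlisted field is dropped rather than passed through (the contract is an allow-list, not a deny-list), and the reveal path audits the denied attempts as well as the granted ones, since the denied ones are what an investigator wants to see first.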
The audit-stream spine — one log, eleven producers, five runtimes
Every governance moment in the portfolio writes to the same hash-chained log. Decision Cards drafted, AEO watches drifted, policy bundles deployed, requests denied at runtime, MCP + Azure OpenAI tool invocations gated, Postgres rows changed, WordPress content published, data contracts broken in CI, signatures verified or tampered, AEO graphs ingested, incidents correlated to remediation plans — one tamper-evident narrative an auditor can replay end-to-end. Producers fail safely: if audit-stream-py is down, governance still happens and the event is logged to stderr instead of the chain. The same opt-in env-var contract (AUDIT_STREAM_URL) applies across all eleven producers, spanning Python, Rust, PL/pgSQL, PHP, and Azure Functions.
flowchart LR
PDA["procurement-decision-api
Python · FastAPI"] -->|"decision_card_drafted"| AS
AVS["aeo-validator-service
Python · FastAPI"] -->|"watch_created
watch_drifted
watch_validity_flipped"| AS
PCE["policy-as-code-engine
Python · FastAPI"] -->|"policy_bundle_registered
request_allowed
request_denied"| AS
DCR["data-contract-registry
Python · FastAPI"] -->|"contract_promoted
contract_deprecated
contract_compatibility_failed"| AS
HA["hash-attestation
Rust · crypto library"] -->|"attestation_signed
attestation_verified
attestation_failed"| AS
ICR["incident-correlation
Rust · graph library"] -->|"incident_correlated
incident_correlation_failed"| AS
AGE["aeo-graph-explorer
Rust · axum service"] -->|"graph_ingested
graph_ingest_failed"| AS
MPB["mcp-permission-broker +
azure-openai-governance-bridge
Python · runtime gates"] -->|"tool_invocation_allowed
tool_invocation_denied
tool_invocation_required_approval"| AS
PGX["pg-audit-stream-extension
PL/pgSQL · pg_notify"] -->|"table CRUD events"| AS
WPA["wp-kinetic-gain-audit
PHP · WordPress/MySQL"] -->|"content_published
plugin_activated
user_role_changed"| AS
AS{{"audit-stream-py
hash-chained · tamper-evident
SSE live tail · REST query · GET /verify"}}
AS --> CON1["governance dashboards"]
AS --> CON2["compliance evidence"]
AS --> CON3["SRE alerting"]
classDef producer fill:#0b3b3a,stroke:#10b981,color:#e6fffa,stroke-width:1.5px;
classDef spine fill:#10b981,stroke:#34d399,color:#022c22,stroke-width:2px;
classDef consumer fill:#1e293b,stroke:#475569,color:#cbd5e1,stroke-width:1px;
class PDA,AVS,PCE,DCR,HA,ICR,AGE,MPB,PGX,WPA producer;
class AS spine;
class CON1,CON2,CON3 consumer;
20+ event kinds across 11 producers, all funneling into one verifiable chain. The Rust libraries ship behind a Cargo feature (--features audit-stream) so consumers who don't need emission can strip out the HTTP dep. The data-tier producers prove the reach: pg-audit-stream-extension catches direct DML the app path would miss, and wp-kinetic-gain-audit brings the same tamper-evident chain to any WordPress estate. Adding the next producer is a ~60-line module: copy the pattern, pick your event kinds, point at AUDIT_STREAM_URL.
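What "copy the pattern" amounts to, as an added example that is not audit-stream-py or any of its producers: a hash-chained append-only log with the end-to-end walk a GET /verify would perform, and a producer that emits only when AUDIT_STREAM_URL is set and falls back to stderr when the stream is unreachable. The canonical-JSON hash convention, the entry layout and the transport callable are assumptions; the real service's wire format may differ.

```python
"""A minimal hash-chained, append-only governance log and a fail-safe producer.
Added example, not audit-stream-py: the canonical-JSON hash convention,
the entry layout and the transport interface are assumptions."""
from __future__ import annotations
import hashlib
import io
import json
import os
import sys
import time
from typing import Callable

GENESIS = "0" * 64


def canonical(obj: dict) -> str:
    """Deterministic serialization so the hash does not depend on key order or whitespace."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"), ensure_ascii=False)


def entry_hash(prev: str, event: dict) -> str:
    return hashlib.sha256((prev + canonical(event)).encode()).hexdigest()


class AuditChain:
    """Append-only log where every entry commits to its predecessor's hash."""

    def __init__(self) -> None:
        self.entries: list[dict] = []

    def append(self, event: dict) -> dict:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        entry = {"seq": len(self.entries), "prev": prev, "event": event,
                 "hash": entry_hash(prev, event)}
        self.entries.append(entry)
        return entry

    def verify(self) -> tuple[bool, int | None]:
        """Walk the chain end-to-end (what a GET /verify would do).  Returns
        (True, None) or (False, seq of the first entry that does not check out)."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["seq"] != i or e["prev"] != prev or e["hash"] != entry_hash(prev, e["event"]):
                return False, i
            prev = e["hash"]
        return True, None


class Producer:
    """What each repo embeds: emit(kind, **payload).  Governance happens whether or not
    the stream is reachable; on failure the event goes to stderr and emit() returns False."""

    def __init__(self, repo: str, transport: Callable[[str, dict], object],
                 url: str | None = None, err=sys.stderr) -> None:
        self.repo = repo
        self.transport = transport
        self.url = url if url is not None else os.environ.get("AUDIT_STREAM_URL")
        self.err = err

    def emit(self, kind: str, **payload) -> bool:
        event = {"kind": kind, "producer": self.repo, "ts": time.time(), **payload}
        if self.url is None:                      # opt-in: unset env var means no emission
            return False
        try:
            self.transport(self.url, event)
            return True
        except Exception as exc:                  # never let audit failure block governance
            print(f"audit-stream unreachable ({exc}); event: {canonical(event)}", file=self.err)
            return False


def demo() -> tuple[AuditChain, list[bool], str]:
    """Two events reach an in-memory chain; a third is emitted while the stream is 'down'."""
    chain = AuditChain()
    captured = io.StringIO()
    up = Producer("policy-as-code-engine", lambda _url, ev: chain.append(ev),
                  url="http://audit.local/events", err=captured)

    def down(_url: str, _ev: dict) -> None:
        raise ConnectionError("connection refused")

    gone = Producer("policy-as-code-engine", down, url="http://audit.local/events", err=captured)
    results = [up.emit("policy_bundle_registered", bundle="b-1"),
               up.emit("request_denied", bundle="b-1", reason="no reveal role"),
               gone.emit("request_allowed", bundle="b-1")]
    return chain, results, captured.getvalue()


if __name__ == "__main__":
    chain, results, stderr_text = demo()
    print(results, chain.verify())
    chain.entries[1]["event"]["kind"] = "request_allowed"   # rewrite history
    print(chain.verify())
```

Note what the chain does and does not give you: editing an event, or recomputing one entry's hash without re-chaining everything after it, is caught at the first entry whose prev no longer matches; a party who can rewrite the whole tail from that point onward is not caught by the chain alone, which is where a signature over the head hash (the hash-attestation layer above) comes in.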
NIST AI RMF crosswalk
Federal and enterprise procurement teams operating under OMB Memorandum M-24-10 can use this crosswalk to map every Suite spec — and the 15-repo implementation stack — to specific NIST AI RMF subcategories. The AI Procurement Decision Card (spec #11) is the natural carrier for RMF-aligned procurement outcomes — its criteria.rubric field can record per-subcategory pass / partial / fail results for any vendor review. Crosswalk v0.2 (2026-05-15) adds Section 7 mapping the implementation tooling to NIST subcategories it actively operationalizes — policy-as-code-engine converts MANAGE 1.3 from policy text to runtime gate; audit-stream-py closes the GOVERN 1.5 record-keeping leg; aeo-validator-service + slo-budget-tracker close MEASURE 3.1 continuous-monitoring.
Featured properties
A selected slice of the 107 live properties under kineticgain.com. Every property is React 19 + TypeScript, Rust, Python, Julia, Kotlin, Flutter, C#, PHP, R, Shell, or hand-written static HTML, MIT/AGPL/Apache-2.0, push-to-deploy via GitHub Actions or FTPS to Hostinger. The full grouped index lives at kineticgain.com/constellation; the source-of-truth catalog is the mizcausevic-dev Industry Atlas.
The console's Active Topology Mesh (v0.2) maps the Suite's producers, consumers, and the three runtime gates — MCP Permission Broker, Azure OpenAI Governance Bridge, SQL Contract Enforcer — onto the hash-chained AuditStream spine, with ed25519 signature posture and click-to-trace blast-radius.
AEO Visualizer
Dedicated visualizer for AEO Protocol declarations. The original Kinetic Gain property.
AI Tutor Cards
EdTech vertical landing — vendor disclosure for AI tutors with FERPA/COPPA/GDPR posture.
Clinical AI Disclosure
HealthTech vertical landing — HIPAA / FDA / SaMD posture, bias audits, EHR integration.
prompt-injection-bench
Visual harness: paste a JSONL transcript, see pass rates by category and severity. Agent-Card refusal-taxonomy back-references.
AI Procurement Pulse
Quarterly research index of vendor AI governance disclosure. Issues #1-#4 live — universe scaled 37 → 834 domains, kineticgain.com flipped to verified=11/11 (ed25519), engine v0.4 per-spec discriminator landed. Issue #5 = the first true quarterly delta (August 2026).
Operator Console
Mission-control for the Suite: a v0.2 topology mesh with runtime-gate overlays, ed25519 signature posture, and blast-radius tracing, plus a configurable SRE operator dashboard, live audit-stream visualization, and PDF export.
The full constellation
Every live property in the Kinetic Gain Protocol Suite. The eleven spec surfaces declare and render the protocol; the tools validate, visualize, govern, and measure adoption across the open web.
Specification surfaces
- AEO Protocol visualizer · aeo.kineticgain.com
- Prompt Provenance · prompts.kineticgain.com
- Agent Cards · agents.kineticgain.com
- AI Evidence Format · evidence.kineticgain.com
- MCP Tool Cards · toolcards.kineticgain.com
- AI Tutor Cards (EdTech) · tutor.kineticgain.com
- Student AI Disclosure (EdTech) · student.kineticgain.com
- Classroom AI AUP (EdTech) · aup.kineticgain.com
- Clinical AI Disclosure (HealthTech) · clinical.kineticgain.com
- AI Incident Card (cross-cutting) · incidents.kineticgain.com
- AI Procurement Decision Card (cross-cutting) · decisions.kineticgain.com
Tools, dashboards & research
- Operator Console · console.kineticgain.com
- AI Procurement Pulse · pulse.kineticgain.com
- Suite JSON Validator · validator.kineticgain.com
- Unified Suite Visualizer · all eleven specs, one renderer
- GitVisualizer · gv.kineticgain.com
- MCP Sentinel · mcp.kineticgain.com
- RAG Sentinel · rag.kineticgain.com
- AgentObserve · observe.kineticgain.com
- well-known-walker · walker.kineticgain.com
- prompt-injection-bench · bench.kineticgain.com
Author
Miz Causevic — Boston Enterprise Technologist, Boston, MA. ~30 years across IBM, CyberArk, Alteryx, Digital.ai, Gryphon.ai. The entire suite is authored under github.com/mizcausevic-dev in the open. All eleven specs are MIT-licensed for maximum implementation freedom; reference implementations like the unified MCP server (mcp-kinetic-gain) are AGPL-3.0. Issues and pull requests welcome on any individual spec repo; cross-spec concerns happen on the meta-repo.
Distribution — pin from your own CI
The Suite ships through three consumer-pinnable channels. Code can sit on GitHub all day; if consumers can't pin from their own CI / package manager, it doesn't move.
🛍️ GitHub Marketplace. 21 protocol PR-gate + governance Actions, each with a v0.1.0 exact-pin tag and a floating v0.1 major tag:
uses: mizcausevic-dev/agent-card-diff-action@v0.1 # floating major
uses: mizcausevic-dev/agent-card-diff-action@v0.1.0 # exact pin
📦 npm registry. kinetic-gain-embedded@0.1.1 (Apache-2.0, dual ESM/CJS, zero runtime deps, Node 20+, npm provenance-stamped), a drop-in audit-stream + Decision Card vault contract SDK. Plus mcp-kinetic-gain@0.8.0 (71 tools, on the official MCP Registry).
🌐 MCP Registry. mcp-kinetic-gain is also published on the official MCP Registry, on mcp.so, and indexed by the Cline marketplace. One Claude Desktop / Cursor / MCP-client config entry covers all 11 specs.
Across the rest of the estate
The Suite is one of several product lanes under kineticgain.com. The full grouped index — 107 live properties across 17 verticals — is at kineticgain.com/constellation/. Adjacent surfaces buyers reach for alongside the Suite specs: /calculators/ (decision math), /trust/ (Trust Pack — 10 buyer-facing tools), /policies/ (the 11-vertical readiness aggregator), pulse.kineticgain.com (quarterly procurement telemetry over a 2,044-domain universe), provenance-lab.kineticgain.com (interactive watermark stress test + the case for C2PA), and portfolio.kineticgain.com (programmatic dashboard over 555 public repos).