AGPL-3.0 reference impl of GovTech audit-stream. THE FIRST Suite audit-stream with 3 orthogonal invariants: human-agency-officer + Federal AI Use Case Inventory entry + classification-clearance per E.O. 13526. Runs PRFSA ×ばつ VendorG GovDecide v3.x trajectory end-to-end against mock federal vault + inventory.

• Updated Jun 11, 2026
• JavaScript

Drop-in audit-stream + Decision Card vault contract SDK for B2B SaaS. Emit hash-chained Suite-compliant audit events, enforce vault contracts before AI tools touch sensitive data, validate Decision Cards. TypeScript-first, dual ESM/CJS, zero runtime deps. Apache-2.0.

• Updated Jun 8, 2026
• TypeScript

AGPL-3.0 reference impl of mortgage-decision-record-audit-stream. Pacific Coast Mortgage ×ばつ VendorR LoanDecision v5.2 trajectory. 2 invariants: UNIVERSAL human-underwriter on adverse-action-capable kinds + ECOA Reg B 30-day adverse-action notice per 12 CFR §1002.9. Kinetic Gain Suite.

• Updated Jun 11, 2026
• JavaScript

DefenseTech audit-stream Operator: per-defense-AI-decision events hash-chained for DFARS 252.204-7012 + CMMC 2.0 + NIST 800-171/172 + ITAR + EAR + DoDI 5230.24 + NISPOM + False Claims Act. First Suite vertical with 3-axis taxonomy (CUI tier + export control + foreign-person restriction).

• Updated Jun 11, 2026
• JavaScript

AGPL-3.0 reference impl of HR Tech audit-stream. Only Suite audit-stream with TWO truly orthogonal candidate-protection invariants: human-hiring-decision (EEOC + Title VII) + NYC LL 144 candidate-notice with 14-day backward window. Runs MomentumHR ×ばつ HireAssess v2.x end-to-end.

• Updated Jun 11, 2026
• JavaScript

Operator surface for multi-tenant B2B SaaS isolation posture — blast-radius classification, RLS/dedicated-schema/shared-prefix mapping, cross-tenant data-access audit, lateral-movement risk. Browser-only, no telemetry. AGPL-3.0.

• Updated Jun 11, 2026
• HTML

Microsoft Graph Permission Scope Auditor — operator surface for OAuth scope governance, over-permissioned apps, Conditional Access coverage gaps, scope-creep detection. Static HTML, browser-only, no backend. Buyer-facing operator surface (scopes.kineticgain.com).

• Updated Jun 11, 2026
• HTML

Node.js reference implementation of the matter-decision-record-audit-stream spec (LegalTech 6-pack #1). Proves the spec's three orthogonal invariants are MUTUALLY achievable end-to-end (privilege-tier consistency + engagement-letter binding + citation-validation-before-production-ready). Second ref impl in the Suite. AGPL-3.0.

• Updated Jun 11, 2026
• JavaScript

AGPL-3.0 reference impl of insurance-decision-record-audit-stream. Coastguard Insurance ×ばつ VendorI ClaimsTriage v3.x. 2 invariants: scoped human-adjudicator + NAIC Model Bulletin on AI 90-day bias-monitoring window. Tenth vertical reference impl in the Kinetic Gain Suite (current coverage: 10 of 11 verticals; RetailTech ref impl pending).

• Updated Jun 11, 2026
• JavaScript

Unified MCP server for all 11 Kinetic Gain Protocol Suite specs + DefenseTech 6-pack — 71 tools (47 spec + 16 implementation + 8 DefenseTech). One Claude Desktop config entry. Stdio, no API key, no build step.

• Updated Jun 2, 2026
• TypeScript

Operator surface for HRIS-to-IdP joiner/mover/leaver pipelines, SCIM sync health, orphan-account detection, and entitlement-grant recertification. Browser-only, no telemetry. AGPL-3.0.

• Updated Jun 11, 2026
• HTML

Runtime permission broker for MCP tool invocations. Composes AI Procurement Decision Cards into PolicyBundles, applies deny-trumps-allow rules at request time, emits tamper-evident audit-stream events. The runtime enforcement point of the Kinetic Gain Protocol Suite.

• Updated Jun 11, 2026
• Python

Auto-detect + route + verify any Kinetic Gain Protocol Suite artifact (Decision Card / Incident Card / Evidence Bundle / audit-stream event / state-tracker event) to the right vertical-specific logic across all 6 vertical 6-packs. Makes the parallel-structure thesis provably code-true. CLI + npm + GitHub Action.

• Updated Jun 11, 2026
• JavaScript

RetailTech audit-stream Operator: per-shopper dynamic-pricing / recommendation / loyalty-tier / fraud / refund / ad-personalization / BOPIS / biometric AI tool access events hash-chained for FTC + EU Omnibus + NY ATBP + CA SB-892 + CCPA + BIPA + PCI DSS evidence.

• Updated Jun 11, 2026
• JavaScript

Operator surface for adverse-event queue, signal-detection clusters, regulator-reporting deadlines (FDA MedWatch 15-day / EU MDR vigilance / PMDA), and causality-assessment workflow. Browser-only, no telemetry. AGPL-3.0.

• Updated Jun 11, 2026
• HTML

Tamper-evident, MySQL-backed governance audit log for WordPress. SHA-256 hash chain (audit-stream-py compatible), one-click verify, optional forwarding to the Kinetic Gain audit-stream spine. GPL-2.0.

• Updated Jun 11, 2026
• PHP

Single-binary JWT validator + AI Procurement Decision Card v0.3 reveal-role enforcement gate. Verifies JWTs against JWKS, asks the buyer's signed Decision Card whether the principal's role may reveal the requested field, and emits hash-chained audit-stream events. First Go binary in the Kinetic Gain Protocol Suite.

• Updated Jun 11, 2026
• Go

Live procurement-reviewer-grade dashboard for the Kinetic Gain audit-stream spine. Tails SSE governance events, renders per-producer rolling counters, walks the hash chain, cites NIST AI RMF per event kind. Deploys to governance.kineticgain.com.

• Updated Jun 10, 2026
• TypeScript

HR Tech audit-stream Operator: per-hiring / promotion / performance / termination AI tool access events hash-chained for EEOC + ADA + Title VII + ADEA + GINA + OFCCP + NYC LL 144 + IL AI Video Interview Act + MD HB 1202 evidence. Workday/UKG/Greenhouse-bridged. Two invariants: human-hiring-decision + NYC LL 144 candidate-notice.

• Updated Jun 11, 2026
• JavaScript

Node.js reference implementation of the fhir-resource-access-audit spec: HAPI FHIR R4 → HIPAA Safe-Harbor vault contract → hash-chained Suite audit-stream → self-verifies against the spec's own JSON Schema. Proves the spec is implementable end-to-end. AGPL-3.0.

• Updated Jun 11, 2026
• JavaScript