AGPL-3.0 reference impl of mortgage-decision-record-audit-stream. Pacific Coast Mortgage × VendorR LoanDecision v5.2 trajectory. 2 invariants: UNIVERSAL human-underwriter on adverse-action-capable kinds + ECOA Reg B 30-day adverse-action notice per 12 CFR §1002.9. Kinetic Gain Suite.

AGPL-3.0 reference impl of HR Tech audit-stream. Only Suite audit-stream with TWO truly orthogonal candidate-protection invariants: human-hiring-decision (EEOC + Title VII) + NYC LL 144 candidate-notice with 14-day backward window. Runs MomentumHR × HireAssess v2.x end-to-end.

Microsoft Graph Permission Scope Auditor — operator surface for OAuth scope governance, over-permissioned apps, Conditional Access coverage gaps, scope-creep detection. Static HTML, browser-only, no backend. Buyer-facing operator surface (scopes.kineticgain.com).

DefenseTech audit-stream Operator: per-defense-AI-decision events hash-chained for DFARS 252.204-7012 + CMMC 2.0 + NIST 800-171/172 + ITAR + EAR + DoDI 5230.24 + NISPOM + False Claims Act. First Suite vertical with 3-axis taxonomy (CUI tier + export control + foreign-person restriction).

Node.js reference implementation of the matter-decision-record-audit-stream spec (LegalTech 6-pack #1). Proves the spec's three orthogonal invariants are MUTUALLY achievable end-to-end (privilege-tier consistency + engagement-letter binding + citation-validation-before-production-ready). Second ref impl in the Suite. AGPL-3.0.

AGPL-3.0 reference impl of insurance-decision-record-audit-stream. Coastguard Insurance × VendorI ClaimsTriage v3.x. 2 invariants: scoped human-adjudicator + NAIC Model Bulletin on AI 90-day bias-monitoring window. Tenth vertical reference impl in the Kinetic Gain Suite (current coverage: 10 of 11 verticals; RetailTech ref impl pending).

Operator surface for multi-tenant B2B SaaS isolation posture — blast-radius classification, RLS/dedicated-schema/shared-prefix mapping, cross-tenant data-access audit, lateral-movement risk. Browser-only, no telemetry. AGPL-3.0.

Unified MCP server for all 11 Kinetic Gain Protocol Suite specs + DefenseTech 6-pack — 71 tools (47 spec + 16 implementation + 8 DefenseTech). One Claude Desktop config entry. Stdio, no API key, no build step.

Operator surface for HRIS-to-IdP joiner/mover/leaver pipelines, SCIM sync health, orphan-account detection, and entitlement-grant recertification. Browser-only, no telemetry. AGPL-3.0.

Drop-in audit-stream + Decision Card vault contract SDK for B2B SaaS. Emit hash-chained Suite-compliant audit events, enforce vault contracts before AI tools touch sensitive data, validate Decision Cards. TypeScript-first, dual ESM/CJS, zero runtime deps. Apache-2.0.

Runtime permission broker for MCP tool invocations. Composes AI Procurement Decision Cards into PolicyBundles, applies deny-trumps-allow rules at request time, emits tamper-evident audit-stream events. The runtime enforcement point of the Kinetic Gain Protocol Suite.

HR Tech audit-stream Operator: per-hiring / promotion / performance / termination AI tool access events hash-chained for EEOC + ADA + Title VII + ADEA + GINA + OFCCP + NYC LL 144 + IL AI Video Interview Act + MD HB 1202 evidence. Workday/UKG/Greenhouse-bridged. Two invariants: human-hiring-decision + NYC LL 144 candidate-notice.

Live procurement-reviewer-grade dashboard for the Kinetic Gain audit-stream spine. Tails SSE governance events, renders per-producer rolling counters, walks the hash chain, cites NIST AI RMF per event kind. Deploys to governance.kineticgain.com.

AGPL-3.0 reference impl of GovTech audit-stream. THE FIRST Suite audit-stream with 3 orthogonal invariants: human-agency-officer + Federal AI Use Case Inventory entry + classification-clearance per E.O. 13526. Runs PRFSA × VendorG GovDecide v3.x trajectory end-to-end against mock federal vault + inventory.

Operator surface for adverse-event queue, signal-detection clusters, regulator-reporting deadlines (FDA MedWatch 15-day / EU MDR vigilance / PMDA), and causality-assessment workflow. Browser-only, no telemetry. AGPL-3.0.

AGPL-3.0 reference impl of EnergyTech audit-stream + 2-axis BES/OT-IT vault. Runs Continental Grid Operator × VendorE GridSense 6.x trajectory end-to-end. Anchors the FIRST Suite numeric regulatory wall-clock invariant (CIP-008 1-hour) in working code.

Node.js reference implementation of the fhir-resource-access-audit spec: HAPI FHIR R4 → HIPAA Safe-Harbor vault contract → hash-chained Suite audit-stream → self-verifies against the spec's own JSON Schema. Proves the spec is implementable end-to-end. AGPL-3.0.

Single-binary JWT validator + AI Procurement Decision Card v0.3 reveal-role enforcement gate. Verifies JWTs against JWKS, asks the buyer's signed Decision Card whether the principal's role may reveal the requested field, and emits hash-chained audit-stream events. First Go binary in the Kinetic Gain Protocol Suite.

Tamper-evident, MySQL-backed governance audit log for WordPress. SHA-256 hash chain (audit-stream-py compatible), one-click verify, optional forwarding to the Kinetic Gain audit-stream spine. GPL-2.0.

EnergyTech audit-stream Operator: per-grid-operations AI-decision events hash-chained for NERC CIP + FERC + TSA Security Directives + state PUC + DOE EO 14028 evidence. Every event carries bes_cyber_system_categorization + ot_it_boundary. First Suite verifier with regulatory wall-clock invariant (CIP-008 1-hour reporting window).