Runtime permission broker for MCP tool invocations. Composes AI Procurement Decision Cards into PolicyBundles, applies deny-trumps-allow rules at request time, emits tamper-evident audit-stream events. The runtime enforcement point of the Kinetic Gain Protocol Suite.

Auto-detect + route + verify any Kinetic Gain Protocol Suite artifact (Decision Card / Incident Card / Evidence Bundle / audit-stream event / state-tracker event) to the right vertical-specific logic across all 6 vertical 6-packs. Makes the parallel-structure thesis provably code-true. CLI + npm + GitHub Action.

Drop-in audit-stream + Decision Card vault contract SDK for B2B SaaS. Emit hash-chained Suite-compliant audit events, enforce vault contracts before AI tools touch sensitive data, validate Decision Cards. TypeScript-first, dual ESM/CJS, zero runtime deps. Apache-2.0.

Node.js reference implementation of the fhir-resource-access-audit spec: HAPI FHIR R4 → HIPAA Safe-Harbor vault contract → hash-chained Suite audit-stream → self-verifies against the spec's own JSON Schema. Proves the spec is implementable end-to-end. AGPL-3.0.

Hash-chained event schema + reference verifier for AI tool reads of student records. Bridges CEDS + Ed-Fi semantics to the Kinetic Gain audit-stream. Enforces tokenization, FERPA §99.32 logging consistency, COPPA school-as-agent invariants, Decision Card refs. EdTech-readiness scaffolding, not certification.

InsurTech audit-stream Operator: per-application / claim / pricing AI tool access events hash-chained for NAIC AI Model Bulletin + state DOI examination + NY DFS Circular Letter 7 + CO SB 21-169 + FCRA evidence. ACORD-bridged. human_adjudicator_required invariant. JSON Schema + Node verifier.

Postgres extension that emits audit-stream-py-compatible governance events on watched table CRUD via pg_notify, plus a Python LISTEN bridge daemon. The database-tier governance producer for the Kinetic Gain Protocol Suite.

FinTech audit-stream Operator: per-consumer-credit / deposit / payment / fraud / AML / robo-advisor / Section-1071-small-business AI tool events hash-chained for CFPB + OCC + FRB + FDIC + ECOA + FCRA + GLBA + BSA-AML evidence. Two invariants: human-credit-officer + FCRA permissible-purpose. Excludes mortgage + insurance.

Tamper-evident, MySQL-backed governance audit log for WordPress. SHA-256 hash chain (audit-stream-py compatible), one-click verify, optional forwarding to the Kinetic Gain audit-stream spine. GPL-2.0.

Single-binary JWT validator + AI Procurement Decision Card v0.3 reveal-role enforcement gate. Verifies JWTs against JWKS, asks the buyer's signed Decision Card whether the principal's role may reveal the requested field, and emits hash-chained audit-stream events. First Go binary in the Kinetic Gain Protocol Suite.

Live procurement-reviewer-grade dashboard for the Kinetic Gain audit-stream spine. Tails SSE governance events, renders per-producer rolling counters, walks the hash chain, cites NIST AI RMF per event kind. Deploys to governance.kineticgain.com.

HR Tech audit-stream Operator: per-hiring / promotion / performance / termination AI tool access events hash-chained for EEOC + ADA + Title VII + ADEA + GINA + OFCCP + NYC LL 144 + IL AI Video Interview Act + MD HB 1202 evidence. Workday/UKG/Greenhouse-bridged. Two invariants: human-hiring-decision + NYC LL 144 candidate-notice.

Mission-control operator console for the Kinetic Gain Protocol Suite — interactive topology mesh, configurable SRE operator dashboard, audit-stream visualization, PDF export. Deploys to console.kineticgain.com.

GovTech audit-stream Operator: per-federal/state/local AI decision-record events hash-chained for OMB M-24-10 + OMB M-24-18 + AI Bill of Rights + Section 508 + Privacy Act + FOIA + NIST AI RMF + EO 14110/14179 evidence. Three invariants: human-agency-officer + Federal AI Use Case Inventory + classification-clearance.

LegalTech audit-stream Operator: per-matter privileged decision-record events hash-chained for ABA Model Rule 1.1c8 + 1.6 + 3.3 + 5.3 + state-bar opinions + attorney-client privilege + work-product doctrine. Every event carries privilege_tier — LegalTech-unique design innovation.

Single-binary UTM event ingest + attribution service. Consent-gated persistence with the same granted/denied/unknown vocabulary as klaviyo-flow-consent-audit; hash-chained audit-stream events on every ingest and drop; REST aggregation by source/medium/campaign/surface + funnel rollup. Second Go binary in the Suite.

FHIR-aware append-only ledger of which AI tool read which patient resource. Bridges HL7 FHIR AuditEvent to the Kinetic Gain Protocol Suite hash-chained audit-stream — one verifiable record of AI access across the EHR, the RAG index, and Decision-Card-governed surfaces.

PropTech audit-stream Operator surface. Per-mortgage-application AI-tool-access events hash-chained for ECOA Reg B + RESPA + HMDA + GLBA Safeguards + CFPB UDAAP + Fair Housing recordkeeping. MISMO/URLA-bridged. human_underwriter_required invariant. JSON Schema + Node verifier.