{"id":50454076,"url":"https://github.com/mizcausevic-dev/mizcausevic-dev","last_synced_at":"2026-06-01T01:05:38.258Z","repository":{"id":356180646,"uuid":"1231388525","full_name":"mizcausevic-dev/mizcausevic-dev","owner":"mizcausevic-dev","description":"Two decades leading enterprise web platforms and digital ecosystems. Hands-on technical capability, AI curiosity, builder/operator mentality. I bridge the gap between complex enterprise data and the GenAI agents that consume it, ensuring brand integrity, security, and market dominance in the post-search era. ","archived":false,"fork":false,"pushed_at":"2026-05-23T20:43:52.000Z","size":87,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-23T22:17:52.755Z","etag":null,"topics":["enterprise-software","fullstack-development"],"latest_commit_sha":null,"homepage":"https://mizcausevic.com/skills/","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mizcausevic-dev.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-06T23:11:17.000Z","updated_at":"2026-05-23T20:43:55.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/mizcausevic-dev/mizcausevic-dev","commit_stats":null,"previous_names":["mizcausevic-dev/mizcausevic-dev"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/mizcausevic-dev/mizcausevic-dev","repository_url":"https:
//repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mizcausevic-dev%2Fmizcausevic-dev","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mizcausevic-dev%2Fmizcausevic-dev/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mizcausevic-dev%2Fmizcausevic-dev/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mizcausevic-dev%2Fmizcausevic-dev/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mizcausevic-dev","download_url":"https://codeload.github.com/mizcausevic-dev/mizcausevic-dev/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mizcausevic-dev%2Fmizcausevic-dev/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33755379,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-31T02:00:06.040Z","response_time":95,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["enterprise-software","fullstack-development"],"created_at":"2026-06-01T01:05:37.333Z","updated_at":"2026-06-01T01:05:38.245Z","avatar_url":"https://github.com/mizcausevic-dev.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Miz Causevic\n\n\u003e **Engineering · Platform Architecture · B2B SaaS Technologist**\n\u003e Boston, MA · ~30 years across IBM, CyberArk, Alteryx, 
Digital.ai, Gryphon.ai\n\nI build the systems that sit between traffic, revenue, and the teams that operate them. Platform engineering, GTM systems, traffic integrity, digital intelligence, AI governance. **Publicly: 396 repos, 60+ live properties, and 15+ production-style operator surfaces.** I also author open specifications for the answer-engine era — and a fifteen-repo implementation stack that consumes them ([Suite × Implementations](https://github.com/mizcausevic-dev/kinetic-gain-protocol-suite#-suite--implementations)). Polyglot by choice: the language fits the problem, not the resume.\n\n\u003e *\"Long-lived credentials are tomorrow's incident reports. Build short-lived. Audit always. Document once.\"*\n\n### TL;DR\n\n- **Recruiters:** platform engineer / systems architect shipping across GTM, cloud, identity, AI governance, and operator tooling.\n- **CISOs / CTOs:** buyer-safe control planes, evidence routing, policy enforcement, and synthetic-data workflow surfaces for regulated and enterprise operations.\n- **Developers:** start with [docs.kineticgain.com](https://docs.kineticgain.com), [suite.kineticgain.com](https://suite.kineticgain.com), and [portfolio.kineticgain.com](https://portfolio.kineticgain.com).\n- **Founders / investors:** monetization ladder already in motion across open source, templates, hosted operator surfaces, and embedded implementation work.\n- **Fastest proof:** [portfolio.kineticgain.com](https://portfolio.kineticgain.com) for the live atlas, [suite.kineticgain.com](https://suite.kineticgain.com) for the protocol layer, [docs.kineticgain.com](https://docs.kineticgain.com) for guided entry points.\n\n### 👁️ Quick Navigation\n\n| If you're here for... 
| Jump to |\n|---|---|\n| Current scope and active build lanes | [Current expansion lane](#-current-expansion-lane) |\n| Reusable implementation tooling | [Developer Toolkit](#-developer-toolkit) |\n| Live public properties and stack composition | [Live Now — 60+ properties + implementation stack](#-live-now--60-properties--implementation-stack) |\n| Vertical operator surfaces | [Industry Atlas](#-industry-atlas--vertical-operator-control-planes) |\n| Local-first product work | [Sveska](#-sveska--local-first-notepad-pwa) |\n| Specs and governance infrastructure | [Kinetic Gain Protocol Suite](#-kinetic-gain-protocol-suite) |\n\n**Publication note:** many of the repos below were published in a concentrated May 2026 portfolio sprint. The dates reflect public packaging, CI, screenshots, and repo hardening, not the first moment the ideas or workstreams existed.\n\n### 📡 Current expansion lane\n\nThe current public wave now spans **revenue systems, traffic integrity, web-platform reliability, regulated workflow operations, a polyglot language atlas, and multi-cloud identity \u0026 platform governance**:\n\n- `GTM Systems \u0026 Growth` — demand-gen automation, CRM routing, lifecycle control, offer motion\n- `Traffic Integrity` — bot mitigation, click-fraud reduction, clean analytics inputs\n- `Digital Intelligence` — attribution, telemetry, SEO governance, pipeline clarity\n- `Platform Engineering` — headless CMS, DevOps, core web vitals, resilient delivery\n- `Regulated Workflow Systems` — approval routing, obligation graphs, consent evidence, audit posture\n- `Operational Command Surfaces` — bookings, creator launches, menu sync, store incidents, permits, crop compliance\n- `Language Atlas` — real operator surfaces in Flutter, Julia, Python, Rust, Go, PHP, Kotlin, and more where the language fits the system shape\n- `Cloud Identity, Platform, FinOps \u0026 Threat Detection` — operator surfaces for Microsoft (Entra access reviews, Intune device compliance, M365 Purview 
retention), AWS (IAM Access Analyzer + GuardDuty triage), GCP (IAM policy drift + billing-anomaly routing), and Azure (landing-zone drift). Each is a synthetic-data operator console at production hardness — AGPL-3.0-or-later, dual-Node CI, dependabot, 95%+ coverage, deployed on its own kineticgain.com subdomain.\n\nEarly anchors in that lane:\n- [`revops-lead-router`](https://github.com/mizcausevic-dev/revops-lead-router) — control plane for lead enrichment, CRM routing, speed-to-lead posture, and queue integrity\n- [`fraud-click-filter`](https://github.com/mizcausevic-dev/fraud-click-filter) · [`cf-bot-shield-tf`](https://github.com/mizcausevic-dev/cf-bot-shield-tf) · [`honeypot-form-validator`](https://github.com/mizcausevic-dev/honeypot-form-validator) · [`anomaly-log-hunter`](https://github.com/mizcausevic-dev/anomaly-log-hunter) — traffic-integrity layer for blocking fraudulent sessions before they burn ad spend or poison analytics\n- [`dbt-multi-touch-attr`](https://github.com/mizcausevic-dev/dbt-multi-touch-attr) · [`gtm-datalayer-standards`](https://github.com/mizcausevic-dev/gtm-datalayer-standards) · [`seo-vital-monitor`](https://github.com/mizcausevic-dev/seo-vital-monitor) · [`pipeline-velocity-dash`](https://github.com/mizcausevic-dev/pipeline-velocity-dash) — digital-intelligence layer for attribution, signal clarity, and route-level performance posture\n- [`offer-ladder-engine`](https://github.com/mizcausevic-dev/offer-ladder-engine) — offer-path and conversion-state control for pricing and package motion\n- [`edge-redirect-manager`](https://github.com/mizcausevic-dev/edge-redirect-manager) · [`headless-wp-vue-starter`](https://github.com/mizcausevic-dev/headless-wp-vue-starter) — web-platform layer for headless CMS delivery, route migration, preview-safe rendering, and SEO-conscious frontend architecture\n- [`regulatory-comment-intelligence-hub`](https://github.com/mizcausevic-dev/regulatory-comment-intelligence-hub) · 
[`contract-clause-obligation-graph`](https://github.com/mizcausevic-dev/contract-clause-obligation-graph) · [`prior-authorization-evidence-router`](https://github.com/mizcausevic-dev/prior-authorization-evidence-router) · [`patient-consent-audit-stream`](https://github.com/mizcausevic-dev/patient-consent-audit-stream) — regulated workflow layer for approvals, obligation mapping, evidence routing, and synthetic audit posture\n- [`creator-partnership-deal-desk`](https://github.com/mizcausevic-dev/creator-partnership-deal-desk) · [`booking-disruption-command-center`](https://github.com/mizcausevic-dev/booking-disruption-command-center) · [`menu-availability-sync-engine`](https://github.com/mizcausevic-dev/menu-availability-sync-engine) · [`store-ops-incident-board`](https://github.com/mizcausevic-dev/store-ops-incident-board) — launch and operations layer for creator programs, hospitality disruption handling, menu sync, and store incident response\n- [`flutter-operator-console`](https://github.com/mizcausevic-dev/flutter-operator-console) · [`capacity-optimizer-jl`](https://github.com/mizcausevic-dev/capacity-optimizer-jl) · [`regulatory-reporting-mart`](https://github.com/mizcausevic-dev/regulatory-reporting-mart) — language-atlas proof that the portfolio ships real operator systems in Flutter/Dart, Julia, and Python, not just one web stack\n- **Multi-cloud identity, platform, FinOps \u0026 threat-detection lane** — eight operator consoles all at v1.0-prod, all running on their own kineticgain.com subdomain:\n  - [`entra-access-review-control-plane`](https://github.com/mizcausevic-dev/entra-access-review-control-plane) → [entra.kineticgain.com](https://entra.kineticgain.com/) — Microsoft Entra access reviews \u0026 privileged role drift\n  - [`intune-device-compliance-ops`](https://github.com/mizcausevic-dev/intune-device-compliance-ops) → [intune.kineticgain.com](https://intune.kineticgain.com/) — Intune device compliance \u0026 jailbreak / OS-drift posture\n  - 
[`m365-retention-case-orchestrator`](https://github.com/mizcausevic-dev/m365-retention-case-orchestrator) → [retention.kineticgain.com](https://retention.kineticgain.com/) — Microsoft 365 Purview retention \u0026 eDiscovery\n  - [`aws-iam-access-analyzer-console`](https://github.com/mizcausevic-dev/aws-iam-access-analyzer-console) → [aws.kineticgain.com](https://aws.kineticgain.com/) — AWS IAM Access Analyzer \u0026 cross-account trust\n  - [`aws-guardduty-triage-board`](https://github.com/mizcausevic-dev/aws-guardduty-triage-board) → [guardduty.kineticgain.com](https://guardduty.kineticgain.com/) — AWS GuardDuty detector posture, threat-finding triage \u0026 incident response\n  - [`gcp-iam-policy-diff-lab`](https://github.com/mizcausevic-dev/gcp-iam-policy-diff-lab) → [gcp.kineticgain.com](https://gcp.kineticgain.com/) — GCP IAM policy drift \u0026 org-policy posture\n  - [`gcp-billing-anomaly-router`](https://github.com/mizcausevic-dev/gcp-billing-anomaly-router) → [billing.kineticgain.com](https://billing.kineticgain.com/) — GCP billing-anomaly routing, budget breaches \u0026 FinOps escalation\n  - [`azure-landing-zone-drift-radar`](https://github.com/mizcausevic-dev/azure-landing-zone-drift-radar) → [zone.kineticgain.com](https://zone.kineticgain.com/) — Azure landing-zone baseline drift \u0026 guardrail risk\n- **Horizontal composition tools for the Suite-as-parallel-structure thesis** — four pieces that make the ten 6-packs demonstrably composable at runtime, structurally comparable as buyer reference, dashboard-observable as Suite-wide posture, and discoverable at the suite hub:\n  - **[`kg-suite-vertical-router`](https://github.com/mizcausevic-dev/kg-suite-vertical-router)** — npm package + GitHub Action that auto-detects + routes ANY Suite artifact (Decision Card vault contract / Incident Card / Evidence Bundle manifest / audit-stream event / state-tracker event) to the right vertical-specific verification logic. 
One CLI command (`kg-suite-route artifact.json`) routes any artifact across any of the 10 verticals. Enforces 4 cross-cutting invariants: human-in-loop, FCRA permissible-purpose, NYC LL 144 candidate-notice, Incident-Card regulator-referral-evaluation structure.\n  - **[`kg-suite-vertical-comparator`](https://github.com/mizcausevic-dev/kg-suite-vertical-comparator)** — generates AEO-friendly Markdown + JSON tables surfacing SAME canonical shapes vs DIFFERENT per-vertical design contributions across all 60 sibling spec repos. Pre-generated canonical [`CROSS-VERTICAL-COMPARISON.md`](https://github.com/mizcausevic-dev/kg-suite-vertical-comparator/blob/main/docs/CROSS-VERTICAL-COMPARISON.md) covers the 10 × 6 matrix + 5 cross-cutting invariant tables. Plus per-artifact `kg-suite-compare a b` CLI. Reuse on procurement comparison sheets, RFPs, vendor due-diligence packages.\n  - **[`kg-suite-fleet-dashboard`](https://github.com/mizcausevic-dev/kg-suite-fleet-dashboard)** — single-file static HTML operator dashboard showing Suite-wide posture: hero count badges (10 verticals · 6 shapes · 60 repos · 5 invariants), per-vertical posture cards, cross-vertical posture-by-shape table, cross-cutting invariant compliance matrix, and CLI cards for router + comparator. Dark-themed, no framework, no build step, strict CSP. 
Live at [`mizcausevic-dev.github.io/kg-suite-fleet-dashboard/`](https://mizcausevic-dev.github.io/kg-suite-fleet-dashboard/).\n  - **Ten dark-themed vertical mini-landings** on [`suite.kineticgain.com/verticals/`](https://suite.kineticgain.com/verticals/) — one buyer-facing page per vertical 6-pack with federal-floor regulatory anchor, canonical example, key design innovation, and all 6 sibling repos as cards.\n- **HealthTech + EdTech + PropTech + InsurTech + HR Tech + FinTech + GovTech + LegalTech + EnergyTech + DefenseTech 6-packs — sixty sibling specs / profiles / labs that fan out the Suite's regulated-vertical coverage across ten verticals as parallel structures.** Each vertical's six repos mirror the same six shapes (Decision Card vault profile · Incident Card profile · Evidence Bundle profile for compliance · Evidence Bundle profile for bias · Operator audit-stream schema · Operator regulatory-lifecycle tracker), so a buyer's tooling that processes one vertical's artifacts works on the other nine. All v0.1 draft, all MIT (spec-side licensing), all `kinetic-gain-protocol-suite` topic-tagged, all composing with each other via `linked_records` so a single deployment's evidence reads as one graph.\n\n- **TEN reference implementations** (AGPL-3.0) — one per vertical, completing **10/10 reference-impl coverage**. Each proves its vertical's audit-stream spec is implementable end-to-end, the parallel-structure thesis holds in code, and the per-vertical regulatory invariants survive a real hash-chained trajectory. 
Together they map five distinct wall-clock invariant patterns the Suite supports (forward-from-event, backward-before-event, must-precede precondition, anchored-on-completed-application, bounded-backward window):\n  - [`fhir-resource-access-audit-reference`](https://github.com/mizcausevic-dev/fhir-resource-access-audit-reference) — HealthTech: reads HAPI FHIR test server, applies HIPAA Safe-Harbor vault, hash-chains Suite events, re-validates spec JSON Schema in CI\n  - [`matter-decision-record-audit-stream-reference`](https://github.com/mizcausevic-dev/matter-decision-record-audit-stream-reference) — LegalTech: canonical 7-step matter trajectory, attorney-client vault, **three invariants** (privilege-tier consistency + engagement-letter binding + citation-validation-before-production-ready), 9 tests green\n  - [`grid-decision-record-audit-stream-reference`](https://github.com/mizcausevic-dev/grid-decision-record-audit-stream-reference) — EnergyTech: NERC CIP-008 **1-hour wall-clock** incident reporting invariant\n  - [`defense-decision-record-audit-stream-reference`](https://github.com/mizcausevic-dev/defense-decision-record-audit-stream-reference) — DefenseTech: 3-axis CUI vault contract (categorization × export-control × foreign-person-access) + **DFARS 72-hour cyber-incident wall clock**\n  - [`government-decision-record-audit-stream-reference`](https://github.com/mizcausevic-dev/government-decision-record-audit-stream-reference) — GovTech: OMB M-24-10 rights-impacting vs safety-impacting trajectory + impact-assessment-before-deployment precondition\n  - [`financial-decision-record-audit-stream-reference`](https://github.com/mizcausevic-dev/financial-decision-record-audit-stream-reference) — FinTech: FCRA §604 permissible-purpose enumeration + ECOA timing-of-credit-decision binding\n  - [`employment-decision-record-audit-stream-reference`](https://github.com/mizcausevic-dev/employment-decision-record-audit-stream-reference) — HR Tech: **NYC LL 144 14-day 
backward-before-event** candidate-notice window + EEOC four-fifths-rule wired to bias-audit timestamp\n  - [`student-data-access-audit-stream-reference`](https://github.com/mizcausevic-dev/student-data-access-audit-stream-reference) — EdTech: FERPA basis enumeration (34 CFR Part 99) + COPPA **must-precede-event** verifiable parental consent for under-13 (16 CFR §312.4)\n  - [`mortgage-decision-record-audit-stream-reference`](https://github.com/mizcausevic-dev/mortgage-decision-record-audit-stream-reference) — PropTech: **UNIVERSAL** human-underwriter rule (only Suite vertical with universal-not-scoped human gate) + **ECOA 30-day notice anchored on application-completed-at**, not event timestamp\n  - [`insurance-decision-record-audit-stream-reference`](https://github.com/mizcausevic-dev/insurance-decision-record-audit-stream-reference) — InsurTech: scoped human-adjudicator + **NAIC Model Bulletin on AI 90-day bounded-backward** bias-monitoring window\n\n  **HealthTech 6-pack** (FDA + HIPAA + Section 1557 + IMDRF):\n  - [`fhir-resource-access-audit`](https://github.com/mizcausevic-dev/fhir-resource-access-audit) — append-only ledger of which AI tool read which patient FHIR resource (HL7 FHIR `AuditEvent` → Suite audit-stream)\n  - [`fda-samd-classification-board`](https://github.com/mizcausevic-dev/fda-samd-classification-board) — hash-chained record + reference verifier for an AI/ML medical device's FDA SaMD classification lifecycle (510(k) / De Novo / PMA + PCCP per FDA Dec 2024 final)\n  - [`hipaa-readiness-evidence-bundle`](https://github.com/mizcausevic-dev/hipaa-readiness-evidence-bundle) — evidence-bundle-spec profile scoped to HIPAA Security Rule's 18 Administrative / Physical / Technical standards\n  - [`clinical-bias-cohort-coverage-lab`](https://github.com/mizcausevic-dev/clinical-bias-cohort-coverage-lab) — pre-market + post-deployment bias coverage profile (OMB SPD 15 + Section 1557 + Fitzpatrick + equity metrics)\n  - 
[`medical-adverse-event-incident-card`](https://github.com/mizcausevic-dev/medical-adverse-event-incident-card) — AI Incident Card profile mapping to FDA MedWatch + EU MDR vigilance + IMDRF AE Terminology + CTCAE-aligned severity\n  - [`phi-vault-contract-profile`](https://github.com/mizcausevic-dev/phi-vault-contract-profile) — AI Procurement Decision Card v0.3 vault contract profile naming HIPAA's 18 Safe Harbor identifier categories\n\n  **EdTech 6-pack** (FERPA + COPPA + IDEA / Section 504 + ESSA + 50 state student-data-privacy regimes):\n  - [`student-data-access-audit-stream`](https://github.com/mizcausevic-dev/student-data-access-audit-stream) — append-only ledger of which AI tool read which student record under what FERPA exception or COPPA consent basis. CEDS + Ed-Fi semantics → Suite audit-stream\n  - [`state-ai-disclosure-state-tracker`](https://github.com/mizcausevic-dev/state-ai-disclosure-state-tracker) — hash-chained per-state lifecycle record for the 50 state student-data-privacy + state-AI-policy regimes (IL SOPPA, CA AB 1584 + AB 2876, TX HB 18 / SCOPE, NY ED Law 2-d, VA ChAIPA, etc.). 
Per-state state machine + verifier\n  - [`ferpa-readiness-evidence-bundle`](https://github.com/mizcausevic-dev/ferpa-readiness-evidence-bundle) — evidence-bundle-spec profile scoped to FERPA's 8 obligation families (annual notification, school-official exception, directory information, consent, records of disclosure, amendment, breach response, vendor procurement controls)\n  - [`student-cohort-bias-coverage-lab`](https://github.com/mizcausevic-dev/student-cohort-bias-coverage-lab) — bias coverage profile scoped to ESSA accountability subgroups (race per OMB SPD 15, EL, IDEA/504, migrant, gender per Title IX) + EdTech additional dimensions (Fitzpatrick analog: EL WIDA proficiency, foster, homeless, primary home language)\n  - [`ai-student-record-incident-card-profile`](https://github.com/mizcausevic-dev/ai-student-record-incident-card-profile) — AI Incident Card profile mapping severity/type fields to FERPA + COPPA + IDEA + Section 504 + Title VI/IX/504 civil rights + per-state breach-notification taxonomies, plus a CTCAE-analog instructional-impact severity scale\n  - [`pii-student-vault-contract-profile`](https://github.com/mizcausevic-dev/pii-student-vault-contract-profile) — AI Procurement Decision Card v0.3 vault contract profile naming FERPA's 7 §99.3 PII categories AND COPPA's 10 §312.2 PI categories (2025 refresh) AND a four-doctrine consent_basis_taxonomy\n\n  **PropTech 6-pack** (RESPA + ECOA Reg B + Fair Housing Act + HMDA + GLBA Safeguards + CFPB UDAAP + 50 state real-estate-AI regimes):\n  - [`mortgage-decision-record-audit-stream`](https://github.com/mizcausevic-dev/mortgage-decision-record-audit-stream) — per-mortgage-application AI-tool-access events, hash-chained for ECOA Reg B 12 CFR 1002.12 + GLBA + HMDA + CFPB UDAAP recordkeeping. MISMO + Fannie Mae URLA semantics → Suite audit-stream. 
`human_underwriter_required` invariant blocks autonomous adverse-action issuance\n  - [`state-real-estate-ai-disclosure-tracker`](https://github.com/mizcausevic-dev/state-real-estate-ai-disclosure-tracker) — per-state lifecycle ledger of US state real-estate / mortgage / appraisal / tenant-screening AI-disclosure laws. State machine + verifier. Seed: CA SB 942, CO SB 24-205, IL HB 3773, NY S 1169, TX HB 1709 (TRAIGA)\n  - [`respa-readiness-evidence-bundle`](https://github.com/mizcausevic-dev/respa-readiness-evidence-bundle) — evidence-bundle-spec profile scoped to mortgage / real-estate AI compliance readiness across 10 obligation families (RESPA, ECOA Reg B, TILA-RESPA TRID, Fair Housing, HMDA, GLBA Safeguards, CFPB UDAAP, ALTA Best Practices, NAR 2024 Settlement, state real-estate AI laws)\n  - [`mortgage-applicant-bias-coverage-lab`](https://github.com/mizcausevic-dev/mortgage-applicant-bias-coverage-lab) — pre-deployment + ongoing-monitoring bias coverage profile for AI mortgage / appraisal / pricing tools. ECOA Reg B 9 protected classes + Fair Housing Act 7 classes + mortgage dimensions (LTV/DTI bands, MSA, census tract, majority-minority-tract flag). 
**EEOC four-fifths-rule** canonical disparate-impact threshold\n  - [`title-chain-evidence-incident-card-profile`](https://github.com/mizcausevic-dev/title-chain-evidence-incident-card-profile) — AI Incident Card profile mapping severity / type fields to CFPB UDAAP + ECOA + Fair Housing + RESPA Section 8 + title-chain integrity event taxonomies\n  - [`mls-data-access-vault-contract-profile`](https://github.com/mizcausevic-dev/mls-data-access-vault-contract-profile) — AI Procurement Decision Card v0.3 vault contract profile naming RESPA + ECOA + Fair Housing + MLS + GLBA data categories AND a 7-doctrine consent_basis_taxonomy\n\n  **InsurTech 6-pack** (NAIC AI Model Bulletin Nov 2023 + state DOI adoptions + NY DFS Circular Letter 7 + CO SB 21-169 + CA DOI Bulletin 2022-5 + FCRA + GLBA + ACORD):\n  - [`insurance-decision-record-audit-stream`](https://github.com/mizcausevic-dev/insurance-decision-record-audit-stream) — per-application / claim / pricing AI-tool-access events, hash-chained. Covers underwriting + claims + pricing under one schema with kind enum branching. ACORD-bridged. `human_adjudicator_required` invariant scoped to adverse-action-capable kinds + recommendations\n  - [`state-insurance-ai-disclosure-tracker`](https://github.com/mizcausevic-dev/state-insurance-ai-disclosure-tracker) — per-state lifecycle ledger of US state DOI AI bulletins / circular letters / regulations / statutes. 9-state lifecycle + 6-vehicle taxonomy. Seed: CT (first NAIC adoption), NY DFS CL 7, CO 3 CCR 702-10 (CO SB 21-169 implementation), CA Bulletin 2022-5, WA TAA 2024-04\n  - [`naic-ai-bulletin-readiness-evidence-bundle`](https://github.com/mizcausevic-dev/naic-ai-bulletin-readiness-evidence-bundle) — evidence-bundle-spec profile scoped to NAIC AI Model Bulletin (Nov 2023) readiness across 6 obligation families (governance · risk-management · third-party-ai · testing-validation · consumer-protection · state-doi-examination-readiness). 
NY DFS CL 7 + CO 3 CCR 702-10 overlays\n  - [`insurance-applicant-bias-coverage-lab`](https://github.com/mizcausevic-dev/insurance-applicant-bias-coverage-lab) — pre-deployment + ongoing-monitoring bias coverage profile. CO SB 21-169 + NAIC §3 + NY DFS CL 7 + EEOC four-fifths-rule + the insurance-unique **`actuarial-soundness-defended`** coverage status (recognizes apparent gaps that are actuarially justified)\n  - [`unfair-discrimination-incident-card-profile`](https://github.com/mizcausevic-dev/unfair-discrimination-incident-card-profile) — AI Incident Card profile for insurance unfair-discrimination / biased decisioning / NAIC governance gaps / ECDIS defects / FCRA-dispute patterns / state DOI exam findings. 10 event types + 4-tier severity + 6 regulator-referral pathways with evaluation-state tracking\n  - [`policyholder-data-vault-contract-profile`](https://github.com/mizcausevic-dev/policyholder-data-vault-contract-profile) — AI Procurement Decision Card v0.3 vault contract profile naming 15 insurance-data categories (ACORD-family + external consumer data + media + protected-class data) + 7-doctrine consent_basis + 9 protection levels + 5 vendor due-diligence artifacts. Protected-class data default: tokenized AND NOT a model input\n\n  **HR Tech 6-pack** (EEOC AI Guidance May 2023 + Title VII + ADA + ADEA + GINA + OFCCP + NYC Local Law 144 + IL 820 ILCS 42 Video Interview Act + MD HB 1202 Facial Recognition + CO SB 24-205):\n  - [`employment-decision-record-audit-stream`](https://github.com/mizcausevic-dev/employment-decision-record-audit-stream) — per-hiring / promotion / performance / termination AI-tool-access events, hash-chained. 14-kind event taxonomy. Workday/UKG/Greenhouse-bridged. 
**Two distinct invariants**: human-hiring-decision-required + NYC LL 144 candidate-notice-provided (the only Suite audit-stream with two orthogonal invariants because LL 144 imposes a candidate-notice obligation independent of human-in-loop)\n  - [`state-employment-ai-disclosure-tracker`](https://github.com/mizcausevic-dev/state-employment-ai-disclosure-tracker) — per-jurisdiction lifecycle ledger of US state + local employment-AI laws. **First Suite tracker supporting sub-state jurisdictions** (US-XX-CITY pattern, because NYC LL 144 is THE headline). Seed: NYC LL 144, IL 820 ILCS 42 + HB 3773, MD HB 1202, CA AB 331 (withdrawn), CO SB 24-205\n  - [`eeoc-readiness-evidence-bundle`](https://github.com/mizcausevic-dev/eeoc-readiness-evidence-bundle) — evidence-bundle-spec profile scoped to EEOC AI Guidance (May 2023) readiness across 6 obligation families (title-vii-disparate-impact · ada-accommodation · adea-age-fairness · gina-genetic-info-prohibition · eeoc-recordkeeping · ofccp-federal-contractor)\n  - [`employment-candidate-bias-coverage-lab`](https://github.com/mizcausevic-dev/employment-candidate-bias-coverage-lab) — pre-deployment + ongoing-monitoring bias coverage profile. NYC LL 144 annual-bias-audit + UGESP four-fifths-rule + UGESP §1607.5(D) **2-SD practical-significance test** + Bostock SO/GI expansion + the HR-Tech-unique **`accommodation-pathway-impairment`** coverage status\n  - [`employment-ai-incident-card-profile`](https://github.com/mizcausevic-dev/employment-ai-incident-card-profile) — AI Incident Card profile for employment-AI consumer-harm events. 
13 event types + 4-tier severity + 7 regulator-referral pathways (EEOC + state civil-rights agency + NYC DCWP + OFCCP + DOJ + ADA-Rehab-503 + state AG) with evaluation-state tracking\n  - [`candidate-data-vault-contract-profile`](https://github.com/mizcausevic-dev/candidate-data-vault-contract-profile) — AI Procurement Decision Card v0.3 vault contract profile naming 19 candidate-data categories + 7-doctrine consent_basis + 9 protection levels + **5-flag ADA accommodation pathway block** + 7 vendor due-diligence artifacts. **6 categories** default `tokenized-and-not-as-model-input-by-default` (biometric features, credit-check, social-media-scrape, protected-class self-ID, accommodation request, ADA medical doc)\n\n  **FinTech 6-pack** (CFPB AI bulletin 2023 + CFPB Section 1071 + CFPB Section 1033 + CFPB UDAAP + OCC/FRB/FDIC joint AI statement 2023 + OCC Bulletin 2011-12 + FRB SR 11-7 + ECOA Reg B + FCRA Reg V + GLBA Safeguards + BSA/AML + SEC/FINRA. Distinct from PropTech mortgage):\n  - [`financial-decision-record-audit-stream`](https://github.com/mizcausevic-dev/financial-decision-record-audit-stream) — per-consumer-credit / deposit / payment / fraud / AML / robo-advisor / Section-1071-small-business AI-tool-access events, hash-chained. 15-kind event taxonomy across 19 product lines. Two orthogonal invariants: **human-credit-officer-required** AND **FCRA permissible-purpose required** (every credit-bureau pull must cite FCRA §604)\n  - [`state-financial-ai-disclosure-tracker`](https://github.com/mizcausevic-dev/state-financial-ai-disclosure-tracker) — per-state lifecycle ledger of US state banking-regulator regulations + state-AG enforcement + state statutes. **First Suite tracker supporting multi-regulation per state** (CA CCFPL statute + CA DFPI 10 CCR 1060-1077 implementation as parallel lifecycle streams). 
Seed: NY Part 500 + 2nd Amendment, CA CCFPL + DFPI 10 CCR, CO SB 24-205, IL HB 3773, TX HB 1709\n  - [`cfpb-readiness-evidence-bundle`](https://github.com/mizcausevic-dev/cfpb-readiness-evidence-bundle) — evidence-bundle-spec profile across **8 obligation families** (model-risk-management · ECOA Reg B · FCRA Reg V · GLBA Safeguards · BSA/AML · Section 1071 small business · Section 1033 financial data rights · CFPB UDAAP). ECOA-specific P760D (25-month) recordkeeping freshness floor\n  - [`financial-applicant-bias-coverage-lab`](https://github.com/mizcausevic-dev/financial-applicant-bias-coverage-lab) — pre-deployment + ongoing-monitoring bias coverage profile. ECOA Reg B 9 protected classes + Section 1071 minority/women/LGBTQI-owned business status + FinTech-specific dimensions (credit-score band, channel online vs in-branch, thin-file vs thick-file). Adds **`business-necessity-defended`** AND **`redlining-pattern-flagged`** coverage statuses\n  - [`financial-ai-incident-card-profile`](https://github.com/mizcausevic-dev/financial-ai-incident-card-profile) — AI Incident Card profile for FinTech AI consumer-harm events. 15 event types + 4-tier severity + 9 regulator-referral pathways including **primary-federal-supervisor-notification** (routes to OCC / FRB / FDIC / NCUA per institution type) + `fincen-sar-narrative-update` + `cfpb-fair-lending-referral`\n  - [`financial-customer-data-vault-contract-profile`](https://github.com/mizcausevic-dev/financial-customer-data-vault-contract-profile) — AI Procurement Decision Card v0.3 vault contract profile naming 17 financial-data categories + 10-doctrine consent_basis + 10 protection levels + 8 vendor due-diligence artifacts. **Section 1071 demographic + ECOA-protected-class** default `tokenized-and-not-as-model-input-by-default`. 
Section 1033 data-portability window in retention envelope\n\n  **GovTech 6-pack** (OMB M-24-10 + AI Bill of Rights + Section 508 + Privacy Act + FOIA + NIST AI RMF + EO 14110 [rescinded] / EO 14179 + FedRAMP + state government AI laws — covers government's OWN AI use, distinct from prior 6 verticals which cover government-as-regulator):\n  - [`government-decision-record-audit-stream`](https://github.com/mizcausevic-dev/government-decision-record-audit-stream) — per-federal / state / local AI decision-record events, hash-chained. 16-kind event taxonomy across benefit determination + federal contracting + FOIA + tax admin + law enforcement + chatbot + regulatory permit. **First Suite audit stream with THREE orthogonal invariants**: human-agency-officer + Federal AI Use Case Inventory + classification-clearance (E.O. 13526 / 32 CFR Part 2002 CUI ordered enforcement)\n  - [`state-government-ai-disclosure-tracker`](https://github.com/mizcausevic-dev/state-government-ai-disclosure-tracker) — per-jurisdiction lifecycle ledger of US federal EOs + OMB memos + state government AI laws + local AI ordinances. Includes **`rescinded`** lifecycle state (executive orders + memos uniquely susceptible). Seed: OMB M-24-10 effective, EO 14110 rescinded by EO 14179, CT Public Act 23-16, NYC AI Mayoral Action Plan\n  - [`omb-m24-10-readiness-evidence-bundle`](https://github.com/mizcausevic-dev/omb-m24-10-readiness-evidence-bundle) — evidence-bundle-spec profile across **8 obligation families** covering OMB M-24-10 governance + Federal AI Use Case Inventory + rights-impacting + safety-impacting minimum practices + OMB M-24-18 procurement + Section 508 accessibility + Privacy Act / FOIA + NIST AI RMF\n  - [`government-applicant-bias-coverage-lab`](https://github.com/mizcausevic-dev/government-applicant-bias-coverage-lab) — pre-deployment + ongoing-monitoring bias coverage profile. OMB M-24-10 §5(d) + Title VI + ADA Title II + Section 1557 + OFCCP-equivalent + EEOC four-fifths-rule. 
Adds **GovTech-unique Title VI LEP dimension** + **`accessibility-pathway-impairment`** + **`agency-civil-rights-finding-pending`** coverage statuses\n  - [`government-ai-incident-card-profile`](https://github.com/mizcausevic-dev/government-ai-incident-card-profile) — AI Incident Card profile for federal / state / local government AI consumer-harm events. **18 event types — most extensive of any vertical Incident Card** because government AI has the widest event-type surface area (multiple internal regulators + multiple external regulators + congressional oversight + state AG overlay + Federal AI Use Case Inventory inaccuracy as distinct event). 10 regulator-referral pathways including the GovTech-unique `federal-ai-use-case-inventory-correction`\n  - [`citizen-data-vault-contract-profile`](https://github.com/mizcausevic-dev/citizen-data-vault-contract-profile) — AI Procurement Decision Card v0.3 vault contract profile naming 15 government-data categories. 10 protection levels including GovTech-unique **`clearance-gated`** (REQUIRES matching `agent_clearance_level`) + **`tokenized-with-foia-exemption-tagging`** + **`tokenized-with-language-code-cleartext`** (Title VI LEP routing). **REQUIRED `ai_use_case_inventory_block`** — the OMB M-24-10 §3(a) inventory-publication requirement encoded directly into the Decision Card (no other vertical has this)\n\n  **LegalTech 6-pack** (ABA Model Rules 1.1c8 + 1.6 + 1.6(c) + 1.7 + 1.9 + 3.3 + 5.3 + 5.5 + attorney-client privilege + work-product doctrine + state bar opinions (CA / NY-COSAC / FL / DC / PA / TX / IL) + Mata v. Avianca-era federal court standing orders — covers attorneys' OWN AI use ethics, distinct from prior 7 verticals):\n  - [`matter-decision-record-audit-stream`](https://github.com/mizcausevic-dev/matter-decision-record-audit-stream) — per-matter privileged decision events, hash-chained. 14-kind event taxonomy. 
**FIRST Suite audit stream where `resource.privilege_tier` is REQUIRED on every event** — 8-value taxonomy (privileged · work-product · joint-defense · common-interest · public-record · pre-litigation-investigative-privilege · tribunal-disclosure-required · opposing-party-quarantine). Three invariants: privilege-tier consistency + engagement-letter binding (ABA 1.7/1.9) + citation-validation-before-production-ready (anti-Mata-v-Avianca)\n  - [`state-bar-ai-disclosure-tracker`](https://github.com/mizcausevic-dev/state-bar-ai-disclosure-tracker) — jurisdiction-spanning lifecycle tracker. 9 jurisdictions seeded (ABA + 7 state bars + SDNY Mata v. Avianca sanction). Same `bar_jurisdiction` field accepts both state bar (`US-CA-BAR`) and federal court (`SDNY`) identifiers\n  - [`aba-rule-1-6-readiness-evidence-bundle`](https://github.com/mizcausevic-dev/aba-rule-1-6-readiness-evidence-bundle) — evidence-bundle-spec profile. **8 obligation families × 35 required evidence kinds.** Treats attorney-client privilege + work-product doctrine as TWO separate families (waiver mechanics differ from confidentiality)\n  - [`legal-applicant-bias-coverage-lab`](https://github.com/mizcausevic-dev/legal-applicant-bias-coverage-lab) — bias coverage for legal AI (jury selection, sentencing, immigration triage, public defender caseload, eDiscovery TAR). Three LegalTech-unique subgroups (indigent_defendant_status / immigration_status / criminal_history_band) + **`compas-cautionary-pattern-detected`** + **`batson-pattern-detected`** coverage statuses + supervising-attorney review REQUIRED on four trigger categories (lab gates, doesn't just measure)\n  - [`legal-ai-incident-card-profile`](https://github.com/mizcausevic-dev/legal-ai-incident-card-profile) — 18 event types incl Mata-v-Avianca court-sanctioned-hallucination. **6-code `privilege_waiver_risk_taxonomy`** (Fed. R. Evid. 502(d) clawback as distinct rung — no other vertical Incident Card has this). 
**ed25519 signature REQUIRED** (LegalTech tightens this; sibling verticals leave it optional). Criminal-defense Sixth-Amendment effective-assistance disclosure as a first-class referral pathway\n  - [`attorney-client-data-vault-contract-profile`](https://github.com/mizcausevic-dev/attorney-client-data-vault-contract-profile) — design centerpiece. 18 attorney-client-data categories × 8 privilege tiers (**same enum as the audit-stream** — typed cross-repo binding). **4 LegalTech-unique runtime invariants**: cross-matter-firewall + privilege-marker stamping + opposing-party-quarantine enforcement + no-training-data-use vendor contract clause REQUIRED. Two LegalTech-unique protection levels: `tokenized-and-not-as-model-input-by-default-cross-matter` + `privilege-marker-required-on-every-disclosure`\n\n  **EnergyTech 6-pack** (NERC CIP-002 through CIP-014 + NERC operating procedures + FERC Orders 2222 + 715 + TSA Security Directives SD-2021-02 / SD-2021-02C + DOE EO 14028 implementation + EPA Clean Air Act Section 114 + state PUC orders (CA / NY / TX / MA / IL / WA) + ISO/RTO Business Practice Manuals — covers AI tools touching the bulk electric system + pipelines + wholesale energy markets, distinct from prior 8 verticals):\n  - [`grid-decision-record-audit-stream`](https://github.com/mizcausevic-dev/grid-decision-record-audit-stream) — per-grid-operations AI-decision events. 17-kind taxonomy. **FIRST Suite audit stream where `resource.bes_cyber_system_categorization` (HIGH/MEDIUM/LOW/NONE/PHYSICAL-SECURITY-PERIMETER-ONLY per CIP-002-5.1a) AND `resource.ot_it_boundary` (OT/IT/OT-IT-CROSSING) are BOTH REQUIRED on every event** — first vertical with physical-realm-vs-data-realm distinction. 
Three invariants including the **FIRST Suite invariant enforcing a regulatory wall-clock numerically** (CIP-008 1-hour reporting window)\n  - [`state-puc-ai-disclosure-tracker`](https://github.com/mizcausevic-dev/state-puc-ai-disclosure-tracker) — mixed-authority lifecycle tracker covering state PUC + FERC + NERC + ISO/RTO + TSA/DOE/EPA all in one `jurisdiction` field — collapsing reflects the energy sector's actual multi-layered regulatory geography. 10 jurisdictions seeded (6 state PUCs + FERC Order 2222 + NERC CIP-013-3 + TSA SD-2021-02C + CAISO BPM Rev 71). Per-(jurisdiction, docket) lifecycle threading.\n  - [`nerc-cip-readiness-evidence-bundle`](https://github.com/mizcausevic-dev/nerc-cip-readiness-evidence-bundle) — **12 obligation families × 53 required evidence kinds — LARGEST evidence bundle in the Suite.** Two parallel regulatory clocks (CIP-008 1-hour + TSA 12-hour) as separately-named drill records. AI model version change explicitly treated as CIP-010 configuration change.\n  - [`grid-operator-bias-coverage-lab`](https://github.com/mizcausevic-dev/grid-operator-bias-coverage-lab) — **POPULATION-LEVEL equity in essential service delivery, not individual decisioning** — first Suite bias lab reframed. 9 subgroup taxonomies anchored to EPA EJSCREEN + Justice40 + state DAC designations + DOE LEAD. 3 EnergyTech-unique pattern detectors. **7-day freshness window** for load shed events (shortest in Suite).\n  - [`grid-operations-incident-card-profile`](https://github.com/mizcausevic-dev/grid-operations-incident-card-profile) — **20 event types — MOST EXTENSIVE Incident Card across all 9 verticals.** Includes regulatory-clock meta-violations as first-class event types (missing the window is its own separately-enforceable violation). 
**12 referral pathways** — most extensive in Suite — including NERC E-ISAC, CISA, TSA, DOE CESER, FERC, ISO/RTO Market Monitor, EPA EJ, DOJ Civil Rights, FBI Cyber Division\n  - [`grid-asset-data-vault-contract-profile`](https://github.com/mizcausevic-dev/grid-asset-data-vault-contract-profile) — design centerpiece. 20 grid-asset data categories × 5 BES tiers × 3 OT/IT codes × 12 protection levels (7 EnergyTech-unique). `bes_cyber_system_categorization` + `ot_it_boundary` are SAME enums cross-bound across THREE EnergyTech repos — **strongest typed cross-repo binding in the Suite to date**. **`medical-baseline-tokenized-with-flag`** protection level is the only place in the Suite where a per-record flag remains accessible alongside opaque identity (outage-prioritization AI must honor critical-medical-equipment registry without learning who the customer is). 5 EnergyTech-unique runtime invariants including asymmetric OT→IT data-diode enforcement (IT→OT FORBIDDEN by default)\n\n  **DefenseTech 6-pack** (DFARS 252.204-7012/7019/7020/7021 + CMMC 2.0 L1/L2/L3 + NIST SP 800-171 r2 + NIST SP 800-172 + ITAR 22 CFR 120-130 + EAR 15 CFR 730-774 + EAR deemed export 22 CFR 120.50 + E.O. 13526 + ICD 705 + DoDI 5230.24 + CUI Notice 2020-04 + NISPOM 32 CFR 117 + FAR 52.204-21 + False Claims Act 31 USC 3729 — covers AI tools used by DIB prime + sub contractors + FFRDCs + defense-systems integrators touching CUI / classified / ITAR-controlled technical data, distinct from prior 9 verticals):\n  - [`defense-decision-record-audit-stream`](https://github.com/mizcausevic-dev/defense-decision-record-audit-stream) — per-defense-AI-decision events. 18-kind taxonomy. **FIRST Suite audit stream with THREE first-class required fields on resource**: `cui_categorization` (9 tiers PUBLIC → SCI) + `export_control_status` (NOT-CONTROLLED / EAR-99 / EAR-CCL / ITAR) + `foreign_person_access_restriction` (5 tiers). 
Three invariants: CUI distribution-statement on CUI-Specified+ (DoDI 5230.24); export-control gating (ITAR requires us_person_status verification + DDTC license number on AUTHORIZED-FOREIGN-PERSON); **DFARS 252.204-7012(c)(1)(ii) 72-hour wall-clock** — SECOND Suite verifier enforcing numeric regulatory time-arithmetic (after EnergyTech CIP-008 1-hour).\n  - [`dod-cmmc-disclosure-tracker`](https://github.com/mizcausevic-dev/dod-cmmc-disclosure-tracker) — 10 federal authorities seeded: DoD CIO + Cyber AB + DIBCAC + DDTC + BIS + NIST + GSA + DCMA + DCSA + NARA-ISOO. **8 distinct enforcement modes** — the greatest enforcement-mode diversity of any state-tracker in the Suite, reflecting that no two federal-defense authorities work the same way (contract-clause-flowdown vs license-pre-authorization vs facility-personnel-clearance vs registry-curation-plus-agency-oversight are structurally different).\n  - [`cmmc-l2-l3-readiness-evidence-bundle`](https://github.com/mizcausevic-dev/cmmc-l2-l3-readiness-evidence-bundle) — **18 control families × 48 evidence kinds**. 14 NIST 800-171 families + 4 CMMC-program-specific families (Program Mgmt / POA\u0026M / SPRS Scoring / C3PAO Assessment Artifacts). Three invariants: L3+DIBCAC requires dibcac confidence score; DFARS 7019/7020 in scope requires cmmc-sprs-scoring evidence; every `not-satisfied` outcome must carry a `poam_ref` (orphan failures break POA\u0026M traceability).\n  - [`defense-contractor-bias-coverage-lab`](https://github.com/mizcausevic-dev/defense-contractor-bias-coverage-lab) — 15 dimensions × 8 metric kinds × 14 regulatory bases × 8 decision domains. **Population-level only** (per OFCCP guidance — counts below 20 reported as `insufficient-data` to avoid de-anonymization). DefenseTech-unique dimensions: protected-veteran-status-vevraa-4212, security-clearance-tier-distribution, clearance-denial-rate, polygraph-success-rate, subcontractor-sb-sdb-vosb-classification, insider-threat-flag-rate. 
Three invariants on regulatory citation completeness.\n  - [`defense-ai-incident-card-profile`](https://github.com/mizcausevic-dev/defense-ai-incident-card-profile) — **22 event types — LARGEST Incident Card profile in the Suite.** Spans DFARS cyber incidents, CUI handling (spillage / marking / mishandling), ITAR + EAR violations, foreign-person access (unauthorized + blocked), classified-environment misuse + SCIF policy violations + AI-generated classified-marking errors, NISPOM insider-threat flags, CMMC POA\u0026M failures + SPRS discrepancies, AI-tool supply-chain compromise. DFARS 72-hour clock enforced at the published-Card level (mirrors audit-stream invariant).\n  - [`cui-data-vault-contract-profile`](https://github.com/mizcausevic-dev/cui-data-vault-contract-profile) — **DESIGN CENTERPIECE. FIRST Suite vault contract with 3 orthogonal typed policy axes** (`cui_handling_policy` 9 tiers × `export_control_handling_policy` 4 tiers × `foreign_person_handling_policy` 5 tiers). `resolvePolicy()` intersects all 3 axes at runtime — most-restrictive axis wins. **`cross_binding_refs` as REQUIRED schema fields** publish sibling repos (audit-stream + evidence-bundle + incident-card) — DefenseTech is the first vertical where the vault contract is the explicit cross-binding centerpiece of the 6-pack. 4 runtime invariants: distribution_statement on CUI-Specified+; us-person-verified min on ITAR; audit_stream_event + fso_cosign on CLASSIFIED-*; audit_stream_event on AUTHORIZED-FOREIGN-PERSON (per-event DDTC review).\n- **Polyglot Operator Reporting lane** — three new operator surfaces in three different runtimes, each picked because the language fits the problem (mobile briefings → Flutter, scientific optimization → Julia, warehouse-style mart → Python). 
All v1.0-prod, all subdomain-deployed:\n  - [`flutter-operator-console`](https://github.com/mizcausevic-dev/flutter-operator-console) → [flutter.kineticgain.com](https://flutter.kineticgain.com/) — Flutter web operator console: signal triage, briefings, dispatch posture\n  - [`capacity-optimizer-jl`](https://github.com/mizcausevic-dev/capacity-optimizer-jl) → [capacity.kineticgain.com](https://capacity.kineticgain.com/) — Julia + JuMP capacity planning, constraint optimization, scenario diffs\n  - [`regulatory-reporting-mart`](https://github.com/mizcausevic-dev/regulatory-reporting-mart) → [reporting.kineticgain.com](https://reporting.kineticgain.com/) — Python warehouse-style mart: docket readiness, evidence packets, deadline pressure, late-risk\n\nCurrent public GitHub count: **472 repos** (LegalTech 6-pack + EnergyTech 6-pack + DefenseTech 6-pack + matter-decision-record-audit-stream-reference). Operator-surface hardening backlog (squad doctrine v1.1): **49 .kineticgain.com subdomains** now at `v1.0-prod`, every Codex-shipped v0.1 caught up — zero gaps remaining at the cutoff. The full grouped index is at [kineticgain.com/constellation](https://kineticgain.com/constellation/). Constellation security posture: **30 / 30 buyer-facing surfaces at A/90** on the kg-header-audit rubric — HSTS preload-ready, CSP locked, fonts self-hosted, COEP `require-corp` enabled.\n\n### 🪝 Request-time governance bridge family\n\nThree sibling repos enforce a buyer's **AI Procurement Decision Card → PolicyBundle** at request time, one per upstream surface — the v2 strategy's IBM-credibility flagship lane. 
Same primitive (deny-trumps-allow eval, `x-kg-correlation-id` propagation, audit-stream emission), three platforms:\n\n- [`ibm-watsonx-governance-bridge`](https://github.com/mizcausevic-dev/ibm-watsonx-governance-bridge) → [watsonx.kineticgain.com](https://watsonx.kineticgain.com/) — IBM watsonx.ai (Python · IBM Cloud IAM · Code Engine deploy manifest · **v1.0-prod**)\n- [`azure-openai-governance-bridge`](https://github.com/mizcausevic-dev/azure-openai-governance-bridge) — Azure OpenAI (Python · Azure Functions v2 · Bicep IaC)\n- [`mcp-permission-broker`](https://github.com/mizcausevic-dev/mcp-permission-broker) — Model Context Protocol transport (the MCP-side sibling)\n\n### 🛡️ Decision Card → vault contract family\n\nSame buyer-published AI Procurement Decision Card (now at **v0.3**), a different enforcement axis: instead of gating *requests*, this family gates *field-level PII at the seam*. The Decision Card declares `data_vault_targets[]` (v0.2 — who can read) and `retention_envelope[]` (v0.3 — how long the data lives and how deletion is signed). 
Four sibling surfaces consume one contract:\n\n- [`ai-procurement-decision-spec`](https://github.com/mizcausevic-dev/ai-procurement-decision-spec) — the JSON Schema (v0.2 adds `data_vault_targets`, v0.3 adds `retention_envelope` with per-field TTL + ed25519-signed deletion-proof endpoints)\n- [`kg-skyyflow-klaviyo-bridge`](https://github.com/mizcausevic-dev/kg-skyyflow-klaviyo-bridge) — Node lib + CLI · `audit` · `tokenize` · `detokenize` · `transform` (webhook → Klaviyo) · per-field protection levels (`none` / `masked` / `tokenized`) · **v0.2.0** · AGPL-3.0\n- [`skyyflow-klaviyo-bridge-console`](https://github.com/mizcausevic-dev/skyyflow-klaviyo-bridge-console) — React + Vite operator console for the bridge engine: dashboard · live webhook simulator with a 3-stage animated pipeline · field mapper · sync log stream\n- [`rag-sentinel`](https://github.com/mizcausevic-dev/rag-sentinel) — tokenize-before-index for RAG pipelines (server-side enforcement of the same contract)\n- [`deal-desk-workspace`](https://github.com/mizcausevic-dev/deal-desk-workspace) — RBAC-aware reveal for the deal-desk surface (client-side enforcement of the same contract)\n\nOne Decision Card, four enforcement points. 
Same `SkyyflowVault` interface across server-side (rag-sentinel), client-side (deal-desk-workspace, console), pipeline-side (bridge lib), and CLI.\n\n### 🧰 Developer Toolkit\n\nFourteen new public repos now sit underneath the portfolio as a reusable **developer toolkit** layer:\n\n- `MCP governance` — [`mcp-registry-risk-scanner`](https://github.com/mizcausevic-dev/mcp-registry-risk-scanner) · [`mcp-tool-card-generator`](https://github.com/mizcausevic-dev/mcp-tool-card-generator) · [`mcp-tools-diff`](https://github.com/mizcausevic-dev/mcp-tools-diff)\n- `GenAI observability` — [`agent-trace-normalizer`](https://github.com/mizcausevic-dev/agent-trace-normalizer) · [`llm-cost-span-exporter`](https://github.com/mizcausevic-dev/llm-cost-span-exporter) · [`rag-evidence-trace-linker`](https://github.com/mizcausevic-dev/rag-evidence-trace-linker)\n- `K8s control planes` — [`governance-disclosure-operator`](https://github.com/mizcausevic-dev/governance-disclosure-operator) · [`llm-cost-budget-operator`](https://github.com/mizcausevic-dev/llm-cost-budget-operator) · [`scheduled-audit-operator`](https://github.com/mizcausevic-dev/scheduled-audit-operator)\n- `Agent-runtime adapters` — [`agent-tool-adapters`](https://github.com/mizcausevic-dev/agent-tool-adapters) · [`agent-card-runtime-adapters`](https://github.com/mizcausevic-dev/agent-card-runtime-adapters)\n- `Knowledge graph + evidence` — [`rag-evidence-graph`](https://github.com/mizcausevic-dev/rag-evidence-graph) · [`wellknown-index-aggregator`](https://github.com/mizcausevic-dev/wellknown-index-aggregator)\n\nThese are not customer-facing protocol specs. 
They are the implementation toolkit underneath the protocol layer: manifest scanning, disclosure generation, tool drift detection, runtime adapters, evidence integrity, cost spans, and Kubernetes-native governance publishing.\n\n---\n\n## 🧭 Next horizon — Vertical × Monetization matrix (v2 expansion)\n\nThe next ~10 operator-surface repos are organized as **three sub-verticals × four-tier monetization ladder**, with SEO and security posture as first-class concerns on every repo. Each lane lands on a real enterprise platform; each repo carries the credible \"from someone who lived in this stack\" hook — **IBM** enterprise integration · **CyberArk** identity · **Alteryx** analytics.\n\n**Three sub-verticals:**\n\n| Sub-vertical | Platforms | Buyer | Placement |\n|---|---|---|---|\n| **Workflow / CX** | IBM watsonx Governance · Genesys Cloud · Camunda 8/Zeebe | CISO / CTO / Platform Eng / VP CX | Kinetic Gain Suite |\n| **Workforce / Internal Comm** | UKG Pro · employee-AUP cross-cut · FirstUp *(second-tier priority)* | CISO / Head of HR Tech / Compliance | Kinetic Gain Suite |\n| **Growth Ops** | Klaviyo EP · VWO REST · MarTech-stack cross-cut | CMO / RevOps / Growth Eng | Lane under Kinetic Gain (`growth.kineticgain.com`) — brand split deferred until demand proves it |\n\n**Four-tier monetization ladder per repo (honest tier wording):**\n\n| Tier | What ships | Pricing | README phrasing |\n|---|---|---|---|\n| **1 · Free operator surface** | Public README + static dashboard + CLI + synthetic fixtures at `\u003crepo\u003e.kineticgain.com` | $0 | \"Free now\" — only once deployed and CI-green |\n| **2 · Template / policy pack** | Governance YAMLs · dashboard configs · audit checklist templates · CSV starter datasets | $49–$199 | \"Template pack available\" OR \"Template pack planned\" — never imply available if not |\n| **3 · Hosted SaaS** | OAuth into tenant · multi-tenant scheduling · signed evidence packets | $99–$499 / mo | \"Hosted preview\" — only when a real 
OAuth + tenant path exists; otherwise omit |\n| **4 · KGE module** | Embedded in-app dashboard inside the customer's own product, per [kineticgain.com/embedded](https://kineticgain.com/embedded/) | $1.5K–$7.5K / mo | \"Embedded available by engagement\" — direct-contract phrasing, no signup form |\n\n\u003e **Tier-4 runtime SDK shipped (2026-05-30):** [`kinetic-gain-embedded`](https://github.com/mizcausevic-dev/kinetic-gain-embedded) v0.1 — drop-in TypeScript SDK (Apache-2.0, zero runtime deps, dual ESM/CJS) for B2B SaaS embedders. Emits hash-chained audit events, enforces Decision Card vault contracts before AI tools touch sensitive data, signs with ed25519. 42 tests across 4 suites; CI matrix on Node 20+22. The runtime side of the Suite; hosted tiers stack on top.\n\nDefault for a tier-1-only repo: list tiers 1 + 2-planned only. No SaaS-looking promises without an OAuth + billing + tenant + support motion behind them.\n\n**Cross-cutting (every repo, no exceptions):**\n- **SEO** — dark slate/blue theme · descriptive dofollow anchors · `/.well-known/` Suite docs · hub-and-spoke interlinking · GH topics + homepage set · sitemap entry\n- **Security** — read-only by default · minimal OAuth scopes · no tenant credentials in repo · synthetic fixtures only · evidence packets signed (ed25519 once `pulse-signing.json` ships)\n- **Compliance language (broad)** — across **HIPAA · FERPA · SOC 2 · GDPR · ISO 27001 · accessibility (WCAG/ADA) · AI governance (NIST AI RMF, EU AI Act, ISO 42001)**: always frame as `readiness · evidence · posture · controls · scaffolding`. Never \"certified\" / \"compliant\" unless truly audited and currently attested. No \"BAA\" / \"DPA\" / \"PHI\" / \"PII\" / \"audit ready\" promises without legal review.\n- **Anti-overlap discipline** — before opening any new repo, document core primitive · target buyer · target platform · monetization tier path · nearest existing repo · why distinct. 
Blocks the \"same surface, different wrapper\" drift.\n- **Pulse universe entry** — every deploy adds its CNAME to the [AI Procurement Pulse](https://pulse.kineticgain.com/) universe, additively · async if possible · non-fatal on failure. Pulse-entry never blocks a publish.\n\n**Phase 0 anchors (founder-credibility-ordered):**\n1. [`ibm-watsonx-governance-bridge`](https://github.com/mizcausevic-dev) — **founder-credibility flagship.** IBM is the most credible \"lived in this stack\" hook in the portfolio; watsonx Governance is the cleanest disclosure-shaped target.\n2. [`genesys-cx-disclosure-board`](https://github.com/mizcausevic-dev) — **enterprise workflow/CX flagship.** Warmest CISO/VP-CX buyer + highest tier-4 KGE fit.\n3. [`klaviyo-flow-consent-audit`](https://github.com/mizcausevic-dev) — **Growth Ops flagship.** Cleanest CMO/RevOps narrative; consent-state lineage is a timely angle.\n\nThree anchors prove the four-tier ladder in three distinct buyer contexts before the remaining 7 fill out at tier-1 + tier-2-planned. FirstUp deferred to second-tier priority — good fit, weaker instant recognition than IBM/Genesys/Camunda/UKG/Klaviyo/VWO.\n\n---\n\n## 🚀 Live Now — 60+ properties + implementation stack\n\nThe portfolio runs on **two parallel layers** that compose:\n\n1. **A growing network of productized open-source properties** live at `kineticgain.com` subdomains — front doors, per-spec landings, operator dashboards, vertical command surfaces, vendor directory, and prompt-injection bench. All push-to-deploy via GitHub Actions FTP CI/CD. Front door: **[suite.kineticgain.com](https://suite.kineticgain.com)** · Quickstart hub: **[docs.kineticgain.com](https://docs.kineticgain.com)** · **Live portfolio constellation across every public repo: [portfolio.kineticgain.com](https://portfolio.kineticgain.com)**.\n2. **Fifteen-repo Suite Implementation Stack** — the software that *consumes* the [Kinetic Gain Protocol Suite](#-kinetic-gain-protocol-suite) specs. 
Decision Intelligence engines · Platform Reliability primitives · MCP servers · data-contract enforcement · ed25519 attestation · drift detection · streaming validators. All CI-green, all semver-tagged at v0.1.0, all MIT-licensed. **Four cross-ecosystem hooks** chain them into one composable system. The catalog: [**Suite × Implementations**](https://github.com/mizcausevic-dev/kinetic-gain-protocol-suite#-suite--implementations). The compliance mapping: [**NIST AI RMF crosswalk**](https://suite.kineticgain.com/docs/nist-rmf-crosswalk.md) (v0.2 includes the implementation-tooling alignment).\n\n### 🕸️ How it composes\n\n```mermaid\nflowchart TB\n    classDef spec fill:#10b981,stroke:#065f46,color:#fff,stroke-width:2px\n    classDef hook fill:#3b82f6,stroke:#1e40af,color:#fff,stroke-width:2px\n    classDef sup fill:#f3f4f6,stroke:#6b7280,color:#1f2937\n    classDef stream fill:#f59e0b,stroke:#92400e,color:#fff\n    classDef mcp fill:#a855f7,stroke:#581c87,color:#fff,stroke-width:2px\n\n    SPECS[\"📐 11 Kinetic Gain Protocol Suite specs\u003cbr/\u003eAEO · Agent · Tool · Tutor · AUP · Disclosure\u003cbr/\u003eEvidence · Provenance · Clinical · Incident · Decision\"]:::spec\n\n    SPECS --\u003e|\"#1 ingest Suite docs\"| PDA[\"procurement-decision-api\u003cbr/\u003edrafts Decision Cards\"]:::hook\n    PDA --\u003e|\"#2 conditions → runtime gates\"| PAC[\"policy-as-code-engine\u003cbr/\u003ePolicyBundle enforcement\"]:::hook\n    PDA --\u003e|\"#3 extract owners\"| DCR[\"data-contract-registry\u003cbr/\u003eschema + SLAs\"]:::hook\n    DCR --\u003e|\"#4 streaming CSV check\"| CDQ[\"csv-data-quality-rs\u003cbr/\u003erow-by-row validation\"]:::hook\n\n    SPECS -.-\u003e|sign + verify| HA[\"hash-attestation-rs\u003cbr/\u003eed25519 over canonical hash\"]:::sup\n    SPECS -.-\u003e|drift detection| AVS[\"aeo-validator-service\u003cbr/\u003ealways-on validation\"]:::sup\n    AVS -.-\u003e|JSONL feed| AGE[\"aeo-graph-explorer-rs\u003cbr/\u003egraph-query layer #5\"]:::sup\n   
 SPECS -.-\u003e|incident → plan| ICR[\"incident-correlation-rs\u003cbr/\u003eSuite-graph BFS\"]:::sup\n    ICR -.-\u003e|drives| PAC\n\n    PDA --\u003e AS\n    PAC --\u003e AS\n    DCR --\u003e AS\n    AVS --\u003e AS\n    ICR --\u003e AS\n    HA --\u003e AS\n    AS[\"📋 audit-stream-py\u003cbr/\u003ehash-chained tamper-evident spine\"]:::stream\n\n    SPECS ==\u003e|spec tools| MCP\n    PDA ==\u003e|preview tools| MCP\n    AS ==\u003e|event tools| MCP\n    HA ==\u003e|verify tools| MCP\n    MCP[\"🤖 mcp-kinetic-gain v0.7.1\u003cbr/\u003e63 tools · one Claude Desktop config entry\"]:::mcp\n```\n\n**Green** = spec layer (the foundation). **Blue** = the four cross-ecosystem hooks that make it a stack rather than a pile. **Grey** = supporting implementation tools that feed into either side. **Amber** = the tamper-evident audit spine every governance moment writes to. **Purple** = the unified MCP surface that exposes the whole thing to Claude through one config entry.\n\n### 📋 The audit-stream spine — seven producers, two ecosystems\n\nZoom in on the amber spine: every governance moment in the stack writes to **one hash-chained, tamper-evident log** via `audit-stream-py`. Same opt-in env-var contract (`AUDIT_STREAM_URL`) across all seven producers; same best-effort semantics (a failed POST is logged, never raised). 
**17 event kinds, seven producers, four FastAPI services + three Rust crates**, all feeding one verifiable narrative an auditor can replay end-to-end.\n\n```mermaid\nflowchart LR\n    classDef pyprod fill:#3b82f6,stroke:#1e40af,color:#fff,stroke-width:2px\n    classDef rsprod fill:#dea584,stroke:#92400e,color:#1f2937,stroke-width:2px\n    classDef spine fill:#f59e0b,stroke:#92400e,color:#fff,stroke-width:3px\n    classDef sink fill:#f3f4f6,stroke:#6b7280,color:#1f2937\n\n    PDA[\"procurement-decision-api\u003cbr/\u003ePython · FastAPI\"]:::pyprod\n    AVS[\"aeo-validator-service\u003cbr/\u003ePython · FastAPI\"]:::pyprod\n    PCE[\"policy-as-code-engine\u003cbr/\u003ePython · FastAPI\"]:::pyprod\n    DCR[\"data-contract-registry\u003cbr/\u003ePython · FastAPI\"]:::pyprod\n    HA[\"hash-attestation\u003cbr/\u003eRust · crypto library\"]:::rsprod\n    ICR[\"incident-correlation\u003cbr/\u003eRust · graph library\"]:::rsprod\n    AGE[\"aeo-graph-explorer\u003cbr/\u003eRust · axum service\"]:::rsprod\n\n    PDA --\u003e|\"decision_card_drafted\"| AS\n    AVS --\u003e|\"watch_created\u003cbr/\u003ewatch_drifted\u003cbr/\u003ewatch_validity_flipped\"| AS\n    PCE --\u003e|\"policy_bundle_registered\u003cbr/\u003erequest_allowed\u003cbr/\u003erequest_denied\"| AS\n    DCR --\u003e|\"contract_promoted\u003cbr/\u003econtract_deprecated\u003cbr/\u003econtract_compatibility_failed\"| AS\n    HA --\u003e|\"attestation_signed\u003cbr/\u003eattestation_verified\u003cbr/\u003eattestation_failed\"| AS\n    ICR --\u003e|\"incident_correlated\u003cbr/\u003eincident_correlation_failed\"| AS\n    AGE --\u003e|\"graph_ingested\u003cbr/\u003egraph_ingest_failed\"| AS\n\n    AS{{\"📋 audit-stream-py\u003cbr/\u003ehash-chained · tamper-evident\u003cbr/\u003eSSE live tail · REST query · GET /verify\"}}:::spine\n\n    AS --\u003e|GET /events/stream| LT[\"governance dashboards\u003cbr/\u003e(live tail)\"]:::sink\n    AS --\u003e|GET /events| Q[\"compliance evidence\u003cbr/\u003e(REST 
query)\"]:::sink\n    AS --\u003e|GET /verify| V[\"auditor replay\u003cbr/\u003e(walk the chain)\"]:::sink\n```\n\n**Blue** = Python FastAPI producers. **Tan** = Rust producers (two libraries gated behind `--features audit-stream` so library consumers can strip out the HTTP dep, one axum service with the feature on by default). **Amber** = the spine itself. **Grey** = the three downstream surfaces auditors and operators consume.\n\n### 🧮 Apex executive tools — kineticgain.com browser-only surfaces\n\nShipped **2026-05-31** as a coherent apex layer for the buyers who can't easily map a Suite spec to a same-day decision. Vanilla JS, inline CSS, JS\u003c30KB per page, strict CSP, no login, no telemetry. Aligned in vocabulary with NIST AI RMF, EU AI Act, ISO/IEC 42001, GDPR Art. 28, ISO/IEC 27018, SOC 2 CC9.2 — never \"compliant\" / \"certified\" without external attestation.\n\n| Path | What it does | Buyer |\n|---|---|---|\n| [**kineticgain.com/calculators/**](https://kineticgain.com/calculators/) | **Six math-rubric calculators** — AI build-vs-buy, cloud replatform ROI, compliance cost of delay, security breach exposure, AI use-case prioritizer, vendor renewal decision. Transparent formulas, dollar-impact ranges. | CFO · CIO · CTO · COO · Procurement |\n| [**kineticgain.com/trust/**](https://kineticgain.com/trust/) | **Trust Pack — 8 tools** — AI System Card Builder · Evidence Locker · Shadow AI Discovery · AI Vendor Intake · AI Incident Tabletop · Risk Register · Subprocessor Disclosure Template · Vendor AI Disclosure Review (Pulse compound). | Head of Trust · CISO · GC · DPO |\n| [**kineticgain.com/portfolio-triage/**](https://kineticgain.com/portfolio-triage/) | **9-dimension per-portco scoring** — verdict bands (help-now · operator-support · prepare-for-diligence · monitor · leave-alone), CSV/JSON/MD export. 
| PE operating partner · VC ops · Holdco |\n| [**kineticgain.com/kill-list/**](https://kineticgain.com/kill-list/) | **Complexity tax audit** — 8 drag categories × 3 prompts; ranked stop-doing list. | COO · Operations leader |\n| [**kineticgain.com/policies/**](https://kineticgain.com/policies/) | **10-vertical readiness spec aggregator** — index linking the HIPAA/FERPA/ECOA/NAIC/EEOC/CFPB/OMB/ABA/NERC CIP/DFARS readiness specs from the Suite. | All buyers · readiness research |\n\nCompanion: **[kinetic-gain-embedded](https://github.com/mizcausevic-dev/kinetic-gain-embedded) SDK** ships a [`docs/sales/PROCUREMENT-PACKET.md`](https://github.com/mizcausevic-dev/kinetic-gain-embedded/blob/main/docs/sales/PROCUREMENT-PACKET.md) — a KGE-enabled 17-section fill-in template for the inverse audience (the SaaS founder selling INTO an enterprise security review, leveraging KGE's hash-chained audit + vault-contract tokenization as verifiable claims).\n\n### 🏥 Squad triage 2026-05-31 — five new lanes (65 v1.0-prod + 21 LIVE on Marketplace + npm publish)\n\nA 115-repo Codex squad backlog triaged + classified + 92% drained in one continuous session. Three coherent product lanes emerged in the first pass. A 4th lane (Sales Enablement) crystallized later the same day from Codex's evening ship-out. A 5th lane (Executive Intelligence) followed from a 9-repo product-judgment triage — 5 surfaces survived buyer-distinguishability, 4 archived with supersession notes.\n\n#### 📐 Operator Diagnostics — narrowly-scoped operator data tools\nDistinct from `/trust/` governance scaffolding and `/calculators/` rubric math. 
Net-new lane after 10 exec-family duplicates were archived publicly with supersession notes pointing at the apex executive-tools layer.\n\n| Live surface | Buyer | What it does |\n|---|---|---|\n| [**reality.kineticgain.com**](https://reality.kineticgain.com/) | CFO · Board · Vendor-claim review | Claims-vs-Reality Engine — vendor-claim/proof-gap scoring + board-ready diligence output |\n| [**revenue.kineticgain.com**](https://revenue.kineticgain.com/) | CRO · Growth Ops | Revenue Infrastructure Scorecard — pipeline integrity, attribution health, conversion-stack maturity |\n| [**replace.kineticgain.com**](https://replace.kineticgain.com/) | CFO · CIO · Procurement | Vendor Replacement Intelligence — narrower than the rubric Vendor Renewal calc; surfaces switching-cost data |\n| [**members.kineticgain.com**](https://members.kineticgain.com/) | Growth Ops · WordPress | WordPress Member Journey Consent Kit — lifecycle consent evidence across login/profile/upgrade/cancel |\n\nPending Codex CI fixes (issues filed): identity.kineticgain.com · martech.kineticgain.com · experiments.kineticgain.com · margin.kineticgain.com.\n\n#### 🩺 HealthTech operator surfaces — clinical + GxP-territory depth\nEight clinical / GxP-territory operator surfaces. Each explicitly states \"no claim of HIPAA / GMP / GxP / FDA compliance\" — readiness/posture/scaffolding only. 
Synthetic data, no patient/clinician/biotech secrets.\n\n[**gxp**](https://gxp.kineticgain.com/) (Change Control Board) · [**assay**](https://assay.kineticgain.com/) (Release Readiness) · [**capa**](https://capa.kineticgain.com/) (Deviation/CAPA Ledger) · [**narrative**](https://narrative.kineticgain.com/) (Clinical Event Review) · [**diagnostics**](https://diagnostics.kineticgain.com/) (QC Evidence Router) · [**instruments**](https://instruments.kineticgain.com/) (Instrument Change Audit) · [**safety**](https://safety.kineticgain.com/) (Pharmacovigilance Signal Router) · [**specimen**](https://specimen.kineticgain.com/) (Chain Of Custody Console)\n\n#### 📐 Polyglot proof expansion — Julia + R + Python operator surfaces\nSeven new entries to the Polyglot Platform Stack: **3 Julia** ([appeals](https://appeals.kineticgain.com/) Campaign Appeal Fatigue Monitor · [treasury](https://treasury.kineticgain.com/) Liquidity Signal Lab · [yield](https://yield.kineticgain.com/) Forecast Studio), **3 R** ([care](https://care.kineticgain.com/) Variation Analysis · [loss](https://loss.kineticgain.com/) Claims Trend Lab · [donors](https://donors.kineticgain.com/) Cohort Risk Lab), **1 Python** ([outcomes](https://outcomes.kineticgain.com/) Program Outcome Proof Ledger).\n\n#### 🤝 Sales Enablement Stack — buyer-diligence response (NEW lane)\nThe seller-side counterpart to the buyer-trust tooling at `/trust/`. Four operator surfaces that compress the cycle time of vendor-diligence response — proof-gap monitoring, trust-center evidence packaging, security-questionnaire answering, RFP assembly. 
Same readiness/posture/scaffolding vocabulary discipline (no \"compliant\" / \"certified\" claims).\n\n| Live surface | Buyer | What it does |\n|---|---|---|\n| [**proofgap.kineticgain.com**](https://proofgap.kineticgain.com/) | Sales · Diligence response | Vendor Proof Gap Monitor — claim coverage, evidence freshness, benchmark confidence, reuse safety |\n| [**trust.kineticgain.com**](https://trust.kineticgain.com/) | Sales · Trust ops | Trust Center Evidence Room — evidence packaging, artifact freshness, review readiness, buyer-safe diligence posture |\n| [**questionnaire.kineticgain.com**](https://questionnaire.kineticgain.com/) | Sales · Security response | Security Questionnaire Answer Studio — answer library, response ownership, cycle-time reduction, trust-evidence reuse |\n| [**rfp.kineticgain.com**](https://rfp.kineticgain.com/) | Sales · Procurement response | RFP Response Assembler — RFP coverage, differentiation, evidence reuse, submission readiness |\n\n#### 🧠 Executive Intelligence Stack — board-prep + investor-facing (NEW lane)\nSurvivors of the 9-repo exec-family product judgment triage. 
Each carries a buyer-distinguishable promise (rather than the \"executive-intelligence template prose\" word-salad that got the other 4 archived).\n\n| Live surface | Buyer | What it does |\n|---|---|---|\n| [**sparring.kineticgain.com**](https://sparring.kineticgain.com/) | Founder · CEO · Board prep | Boardroom Sparring Partner — board-prep Q\u0026A rehearsal, pushback, memo posture, investor-facing readiness |\n| [**thesis.kineticgain.com**](https://thesis.kineticgain.com/) | Founder · Fundraising | Category Thesis Builder — investor-ready category framing, why-now clarity, thesis-defensible narrative |\n| [**exit.kineticgain.com**](https://exit.kineticgain.com/) | Founder · Pre-exit | Exit Room — exit-readiness intelligence, red flags, diligence gaps, investor-facing deal posture |\n| [**style.kineticgain.com**](https://style.kineticgain.com/) | Brand · Design system | Brand Governance Styleguide — approved tokens, pattern approvals, release-safe style posture |\n| [**release.kineticgain.com**](https://release.kineticgain.com/) | DevEx · Platform release | Release Readiness Shell Kit — bash-native launch blockers, rollback posture, freeze windows |\n\n(Subdomain HTTPS provisioning is first-time-on-Pages; full SSL lands within 24h. HTTP confirms content is live.)\n\n#### ⚙️ +21 GitHub Actions LIVE on GitHub Marketplace\nAll 21 protocol PR-gate + governance Actions [LIVE on GitHub Marketplace](https://github.com/marketplace?type=actions\u0026query=Kinetic+Gain) as of 2026-05-31. 
Each has `v0.1.0` exact-version + floating `v0.1` major-version tags for consumer pinning:\n\n```yaml\nuses: mizcausevic-dev/agent-card-diff-action@v0.1      # floating major (auto-update within 0.1.x)\nuses: mizcausevic-dev/agent-card-diff-action@v0.1.0    # exact pin\n```\n\nSee full per-protocol breakdown under **🎯 PR-Gate GitHub Actions** below.\n\n#### 📦 Kinetic Gain Embedded LIVE on npm\n[`kinetic-gain-embedded@0.1.1`](https://www.npmjs.com/package/kinetic-gain-embedded) published to npm with provenance attestation (Apache-2.0, dual ESM/CJS, zero runtime deps, Node 20+). Drop-in audit-stream + Decision Card vault contract SDK for B2B SaaS embedders:\n\n```bash\nnpm install kinetic-gain-embedded\n```\n\n[Pricing tiers](https://kineticgain.com/embedded/pricing/) · [Procurement Packet template](https://github.com/mizcausevic-dev/kinetic-gain-embedded/blob/main/docs/sales/PROCUREMENT-PACKET.md) · [Synthetic case study](https://github.com/mizcausevic-dev/kinetic-gain-embedded/blob/main/docs/case-studies/healthtech-saas-rollout.md)\n\n### Hubs + tools\n\n| Property | What it does | Buyer |\n|---|---|---|\n| [**suite.kineticgain.com**](https://suite.kineticgain.com) | **Kinetic Gain Protocol Suite** — canonical front door for all 11 open AI governance specs + [NIST AI RMF crosswalk](https://suite.kineticgain.com/docs/nist-rmf-crosswalk.md) | Recruiters / investors / generalist |\n| [**docs.kineticgain.com**](https://docs.kineticgain.com) | **Quickstart hub** — per-role guides (CISO / district / healthcare vendor / answer engine) + canonical `/.well-known/` path map | New visitors / implementers |\n| [**directory.kineticgain.com**](https://directory.kineticgain.com) | **Vendor directory** — curated list of domains publishing Kinetic Gain documents | Procurement reviewers |\n| [**examples.kineticgain.com**](https://examples.kineticgain.com) | **Examples gallery** — pick a spec, see its canonical example with JSON highlight | Developers / spec authors |\n| 
[**walker.kineticgain.com**](https://walker.kineticgain.com) | **well-known-walker** — paste any domain, see every Kinetic Gain disclosure it publishes | Procurement / Risk reviewers |\n| [**bench.kineticgain.com**](https://bench.kineticgain.com) | **prompt-injection-bench** — visual harness, paste a JSONL transcript, see pass rates | CISO / Red-team / Trust \u0026 Safety |\n| [**pulse.kineticgain.com**](https://pulse.kineticgain.com) | **AI Procurement Pulse** — quarterly research index of vendor AI governance disclosure across the open internet | Journalists / Analysts / Buyers |\n\n### Per-spec landing pages (one per spec in the Suite)\n\n| Property | Spec | Buyer |\n|---|---|---|\n| [**aeo.kineticgain.com**](https://aeo.kineticgain.com) | AEO Protocol — interactive visualizer | Platform Eng / AEO |\n| [**prompts.kineticgain.com**](https://prompts.kineticgain.com) | Prompt Provenance | LLM Platform / SRE |\n| [**agents.kineticgain.com**](https://agents.kineticgain.com) | Agent Cards | Platform Eng / Procurement |\n| [**evidence.kineticgain.com**](https://evidence.kineticgain.com) | AI Evidence Format | RAG / Search / Answer engines |\n| [**toolcards.kineticgain.com**](https://toolcards.kineticgain.com) | MCP Tool Cards | MCP authors / Platform Sec |\n| [**tutor.kineticgain.com**](https://tutor.kineticgain.com) | AI Tutor Cards | EdTech / District Procurement |\n| [**student.kineticgain.com**](https://student.kineticgain.com) | Student AI Disclosure | Academic integrity / LMS |\n| [**aup.kineticgain.com**](https://aup.kineticgain.com) | Classroom AI AUP | District / school / instructor |\n| [**clinical.kineticgain.com**](https://clinical.kineticgain.com) | Clinical AI Disclosure (HIPAA / FDA / SaMD) | Hospital CMIO / Compliance |\n| [**incidents.kineticgain.com**](https://incidents.kineticgain.com) | AI Incident Card — \"CVE for AI agents\" | CISO / Trust \u0026 Safety |\n| [**decisions.kineticgain.com**](https://decisions.kineticgain.com) | AI Procurement 
Decision Card — the buyer-side artifact (spec #11) | Procurement / District / Agency |\n\n### Earlier product surfaces\n\n| Property | What it does | Buyer |\n|---|---|---|\n| [**gv.kineticgain.com**](https://gv.kineticgain.com) | **GitVisualizer** — visual portfolio intelligence for any GitHub user | Engineering / Hiring |\n| [**mcp.kineticgain.com**](https://mcp.kineticgain.com) | **MCP Sentinel** — governance dashboard for Model Context Protocol servers | CISO / Platform Security |\n| [**rag.kineticgain.com**](https://rag.kineticgain.com) | **RAG Sentinel** — hallucination, drift, and citation quality monitoring | ML / AI Ops |\n| [**observe.kineticgain.com**](https://observe.kineticgain.com) | **AgentObserve** — operator console for AI agent fleets | SRE / Platform |\n\nAcross the live property network: mix of AGPL-3.0 and Apache-2.0, CI green, push-to-deploy via FTP Action. The current mix includes React + TypeScript operator apps, hand-written static HTML landings, and newer vertical command surfaces.\n\n---\n\n## 🏭 Industry Atlas — vertical operator control planes\n\nFifteen standalone **vertical operator surfaces**, each a TypeScript control plane for a regulated/operations workflow — intake → risk \u0026 obligation mapping → posture → safe escalation. Codex ships at `v0.1-shipped`; I (Platform/SRE) harden each to **`v1.0-prod`**: CI on Node 20 + 22, ≥60% service-test coverage, AGPL-3.0, Dependabot, `npm audit`, `SECURITY.md`, static prerender → GitHub Pages. 
All live, all CI-green.\n\n| Live surface | Vertical | What it does |\n|---|---|---|\n| [**dockets** → live](https://mizcausevic-dev.github.io/regulatory-comment-intelligence-hub/) | GovTech / RegTech | Regulatory comment intake, obligation mapping, approval posture, evidence-packaged submission *(dockets.kineticgain.com provisioning)* |\n| [**clauses.kineticgain.com**](https://clauses.kineticgain.com) | LegalTech | Clause extraction, obligation graphs, review blockers, renewal-safe execution |\n| [**priorauth.kineticgain.com**](https://priorauth.kineticgain.com) | Digital Health | Prior-auth evidence routing, payer rules, approval-safe escalation |\n| [**consent.kineticgain.com**](https://consent.kineticgain.com) | Digital Health | Consent state, audit streams, revocation-safe escalation |\n| [**shipments.kineticgain.com**](https://shipments.kineticgain.com) | Supply Chain | Shipment exceptions, carrier rules, SLA-safe recovery |\n| [**downtime.kineticgain.com**](https://downtime.kineticgain.com) | Manufacturing | Downtime incidents, root-cause blockers, restart-safe escalation |\n| [**dispatch.kineticgain.com**](https://dispatch.kineticgain.com) | Mobility | Dispatch readiness, route adherence, SLA-safe intervention |\n| [**catalog.kineticgain.com**](https://catalog.kineticgain.com) | Commerce | Catalog schema governance, dependency blockers, release-safe field changes |\n| [**campaigns.kineticgain.com**](https://campaigns.kineticgain.com) | Growth / MarTech | Campaign taxonomy, audience blockers, launch-safe conventions |\n| [**creators.kineticgain.com**](https://creators.kineticgain.com) | Creator economy | Partnership deal desk, obligation blockers, launch-safe collaboration |\n| [**bookings.kineticgain.com**](https://bookings.kineticgain.com) | Travel / Hospitality | Booking disruptions, recovery blockers, guest-communication posture |\n| [**permits.kineticgain.com**](https://permits.kineticgain.com) | Construction / GovTech | Permit-package readiness, 
inspection posture, construction-safe submission |\n| [**crops.kineticgain.com**](https://crops.kineticgain.com) | AgriTech | Crop-compliance observations, field-review triage, buyer-safe packet posture |\n| [**menus.kineticgain.com**](https://menus.kineticgain.com) | Food / Restaurant Tech | Menu availability sync, channel posture, launch-safe conventions |\n| [**stores.kineticgain.com**](https://stores.kineticgain.com) | Retail / Store Ops | Store incident triage, SLA blockers, reopen-safe recovery posture |\n\n\u003e HealthTech surfaces (`priorauth`, `consent`) are **HIPAA-readiness scaffolding only** — synthetic data, no PHI; see each repo's `SECURITY.md`.\n\n---\n\n## 🎯 PR-Gate GitHub Actions — quintets across every protocol\n\n**Seventeen Action wrappers** that turn every Kinetic Gain protocol library into a per-PR governance gate. Composite Node 20 actions with `dist/index.js` committed for SHA/tag pinning, hermetic tests with injected `gitShow`, AGPL-3.0-or-later, Dependabot-managed.\n\n### Per-protocol diff Action quintet — PR breaking-change gates\n\nEach one retrieves the previous version of a single governance doc via `git show \u003cbase.sha\u003e:\u003cpath\u003e`, diffs against HEAD, posts the structured diff as a PR comment, and fails the build on breaking changes.\n\n| Protocol | Action | Headline breaking-change reasons |\n|---|---|---|\n| A2A AgentCard | [`agent-card-diff-action`](https://github.com/mizcausevic-dev/agent-card-diff-action) | `autonomy-level-elevated`, `tool-side-effects-elevated`, `incident-response-uri-removed`, `refusal-category-removed` |\n| MCP Tool Card | [`mcp-tool-card-diff-action`](https://github.com/mizcausevic-dev/mcp-tool-card-diff-action) | `side-effect-class-escalated`, `pii-exposure-escalated`, `human-approval-removed`, `external-system-added`, `input-schema-changed` |\n| Prompt Provenance | [`prompt-provenance-diff-action`](https://github.com/mizcausevic-dev/prompt-provenance-diff-action) | `prompt-hash-changed`, 
`approval-state-regressed`, `lineage-parent-changed`, `intent-out-of-scope-changed` |\n| Evidence Bundle | [`evidence-bundle-diff-action`](https://github.com/mizcausevic-dev/evidence-bundle-diff-action) | `item-hash-changed`, `item-removed`, `signature-removed`, `signature-signer-changed`, `bundle-expires-shortened` |\n| OTel GenAI rollup | [`otel-genai-diff-action`](https://github.com/mizcausevic-dev/otel-genai-diff-action) | `cost-increased`, `input-tokens-jumped`, `output-tokens-jumped`, `model-added`, `currency-changed` (configurable threshold) |\n\n### Per-protocol fleet-summary Action quintet — one-doc-vs-fleet checks\n\nEach one summarizes a single doc against the rest of a fleet (a directory of peer docs of the same protocol), surfacing the outliers and posting a structured PR summary.\n\n[`agent-card-fleet-summary-action`](https://github.com/mizcausevic-dev/agent-card-fleet-summary-action) · [`mcp-tool-card-fleet-summary-action`](https://github.com/mizcausevic-dev/mcp-tool-card-fleet-summary-action) · [`prompt-provenance-fleet-summary-action`](https://github.com/mizcausevic-dev/prompt-provenance-fleet-summary-action) · [`evidence-bundle-fleet-summary-action`](https://github.com/mizcausevic-dev/evidence-bundle-fleet-summary-action) · [`otel-genai-fleet-summary-action`](https://github.com/mizcausevic-dev/otel-genai-fleet-summary-action)\n\n### Cross-protocol Suite Actions\n\nThe wiring that ties the per-protocol quintets together across mixed-content repos:\n\n| Action | What it does |\n|---|---|\n| [`kg-protocol-detect-action`](https://github.com/mizcausevic-dev/kg-protocol-detect-action) | Scans a directory of JSON docs and identifies which Suite protocol each belongs to. Routes mixed-content repos to the right per-protocol diff lane. |\n| [`kg-suite-canonicalize-action`](https://github.com/mizcausevic-dev/kg-suite-canonicalize-action) | Canonicalizes every Suite doc in a directory (stable key ordering, hash-ready output). 
PR-gates drift between canonical and authored forms. |\n| [`kg-suite-conformance-runner-action`](https://github.com/mizcausevic-dev/kg-suite-conformance-runner-action) | Runs spec-conformance checks across every Suite doc in a directory; reports per-spec compliance + per-finding evidence. |\n| [`kg-suite-fleet-overview-action`](https://github.com/mizcausevic-dev/kg-suite-fleet-overview-action) | Protocol-aware fleet overview across all 5 governance protocols in one repo — buckets, doc counts, unrouted-document gate. |\n| [`kg-suite-spec-version-tracker-action`](https://github.com/mizcausevic-dev/kg-suite-spec-version-tracker-action) | Tracks the `*_version` discriminator across every Suite doc in a repo, fails the PR on unsanctioned spec-version upgrades. |\n\n### Specialized PR gates\n\n| Action | What it does |\n|---|---|\n| [`llm-cost-rollup-action`](https://github.com/mizcausevic-dev/llm-cost-rollup-action) | Runs `otel-genai-rollup` across an OTLP trace export and gates the PR on cost budget breaches. |\n| [`k8s-pre-merge-action`](https://github.com/mizcausevic-dev/k8s-pre-merge-action) | Composite gate across the K8s scanner family — deprecated APIs, RBAC over-scope, pod security, Helm values coverage — one Action, one PR comment. |\n| [`procurement-pulse-action`](https://github.com/mizcausevic-dev/procurement-pulse-action) | Probes your own `/.well-known/` for all 11 Suite documents and reports a 0-100 self-score + tier. Three output modes (PR comment / pulse-receipt JSON / self-score SVG badge), two gate modes (`min-score` threshold / `min-tier` ladder). Same probe core as the [Pulse Issue crawler](https://pulse.kineticgain.com/) and the [browser-extension Vendor Inspector](https://github.com/mizcausevic-dev/kineticgain-vendor-inspector). 
|\n\n**Composition story**: `kg-protocol-detect-action` identifies what protocols live in the repo → the matching per-protocol `*-diff-action` gates breaking changes → the matching `*-fleet-summary-action` surfaces outliers across the fleet → `kg-suite-conformance-runner-action` checks spec conformance → `kg-suite-canonicalize-action` enforces stable serialization → `procurement-pulse-action` self-scores the deployed `/.well-known/` surface. End-to-end PR governance with zero hand-rolled glue.\n\n**Dogfooded on kineticgain.com itself.** [![kg pulse self-score](https://raw.githubusercontent.com/mizcausevic-dev/kineticgain-com-apex/main/docs/pulse-badge.svg)](https://kineticgain.com/.well-known/pulse-receipt.json) Weekly `procurement-pulse-action` run probes the apex and refreshes the badge + the public receipt at [kineticgain.com/.well-known/pulse-receipt.json](https://kineticgain.com/.well-known/pulse-receipt.json).\n\n---\n\n## ✍️ Sveska — local-first notepad PWA\n\nA different discipline from the governance suite: a studio-grade, **offline-first** notepad at **[sveska.studio](https://sveska.studio)**. 
No account, no telemetry, no cloud dependency — every note lives in the browser's IndexedDB and the app works with the network unplugged.\n\n| | |\n|---|---|\n| **Editor** | CodeMirror 6 rich editor — inline screenshot paste, Markdown highlighting, slash commands, snippets, find/replace, typewriter; classic textarea opt-out |\n| **Depth** | Multi-note tabs · version history + diff · fuzzy search · per-note Excalidraw canvas · streaming AI via a secure edge proxy (zero keys in the client) · `.txt` / `.md` / `.html` / `.pdf` export |\n| **Engineering** | React 18 + TS strict · Zustand · Dexie · vite-plugin-pwa · 281 tests · \u0026lt;180 KB initial JS · accessibility-audited · Cloudflare Pages + edge function |\n\nRepo: [`mizcausevic-dev/sveska`](https://github.com/mizcausevic-dev/sveska) · [v0.8.0](https://github.com/mizcausevic-dev/sveska/releases/tag/v0.8.0) · MIT\n\n---\n\n## 🧬 Kinetic Gain Protocol Suite\n\nA family of **eleven open JSON specifications** for the answer-engine and agent era — five core (AEO, Prompt Provenance, Agent Cards, AI Evidence Format, MCP Tool Cards), a three-spec **EdTech trio** (vendor / district / student), a **HealthTech vertical extension** (Clinical AI Disclosure — HIPAA / FDA / SaMD posture), a cross-cutting **AI Incident Card** that ties everything together post-hoc, and an **AI Procurement Decision Card** that signs off on a vendor's posture across the rest of the Suite. **Two regulated verticals covered. NIST AI RMF crosswalk shipped alongside.** All AGPL-3.0, all v0.1 draft, all `kinetic-gain-protocol-suite` tagged. 
Single landing: [`kinetic-gain-protocol-suite`](https://github.com/mizcausevic-dev/kinetic-gain-protocol-suite).\n\n### 📐 Specifications\n\n| Spec | What it declares | Detect via |\n|---|---|---|\n| [`aeo-protocol-spec`](https://github.com/mizcausevic-dev/aeo-protocol-spec) | **AEO Protocol** — entity declaration at `/.well-known/aeo.json` | `aeo_version` |\n| [`prompt-provenance-spec`](https://github.com/mizcausevic-dev/prompt-provenance-spec) | **Prompt Provenance** — versioned, lineaged, reviewable LLM prompt records | `provenance_version` |\n| [`agent-cards-spec`](https://github.com/mizcausevic-dev/agent-cards-spec) | **Agent Cards** — declarative agent capability + refusal disclosure | `agent_card_version` |\n| [`ai-evidence-format-spec`](https://github.com/mizcausevic-dev/ai-evidence-format-spec) | **AI Evidence Format** — structured citations for LLM-generated claims | `evidence_version` |\n| [`mcp-tool-card-spec`](https://github.com/mizcausevic-dev/mcp-tool-card-spec) | **MCP Tool Cards** — per-tool disclosure for Model Context Protocol servers | `tool_card_version` |\n| [`ai-tutor-card-spec`](https://github.com/mizcausevic-dev/ai-tutor-card-spec) | **AI Tutor Cards** — EdTech vendor-side: pedagogy, FERPA/COPPA/GDPR posture | `tutor_card_version` |\n| [`student-ai-disclosure-spec`](https://github.com/mizcausevic-dev/student-ai-disclosure-spec) | **Student AI Disclosure** — student-side: roles, prompt evidence (full/hashed/omitted), artifact-hash binding | `disclosure_version` |\n| [`classroom-ai-aup-spec`](https://github.com/mizcausevic-dev/classroom-ai-aup-spec) | **Classroom AI AUP** — district / school / course-side policy (closes the EdTech trio) | `aup_version` |\n| [`clinical-ai-disclosure-spec`](https://github.com/mizcausevic-dev/clinical-ai-disclosure-spec) | **Clinical AI Disclosure** — HealthTech vendor-side: HIPAA / FDA / SaMD posture, bias audits, EHR (FHIR / CDS Hooks) | `clinical_ai_card_version` |\n| 
[`ai-incident-card-spec`](https://github.com/mizcausevic-dev/ai-incident-card-spec) | **AI Incident Card** — \"CVE for AI agents,\" cross-references every other affected document in the Suite | `incident_card_version` |\n| [`ai-procurement-decision-spec`](https://github.com/mizcausevic-dev/ai-procurement-decision-spec) | **AI Procurement Decision Card** — buyer-side approval/rejection record that signs off on a vendor's posture across the rest of the Suite | `decision_card_version` |\n\n### 🛠️ AEO Reference Stack\n\nThe canonical depth example — every layer needed to consume the spec, across five languages:\n\n| Layer | Repos |\n|---|---|\n| **SDKs** | [`aeo-sdk-python`](https://github.com/mizcausevic-dev/aeo-sdk-python) (live on [PyPI](https://pypi.org/project/aeo-protocol/)) · [`aeo-sdk-typescript`](https://github.com/mizcausevic-dev/aeo-sdk-typescript) · [`aeo-sdk-rust`](https://github.com/mizcausevic-dev/aeo-sdk-rust) · [`aeo-sdk-go`](https://github.com/mizcausevic-dev/aeo-sdk-go) · [`aeo-sdk-swift`](https://github.com/mizcausevic-dev/aeo-sdk-swift) |\n| **CLI** | [`aeo-cli`](https://github.com/mizcausevic-dev/aeo-cli) — `aeo validate / fetch / inspect / claim`, colored output, end-to-end against the live well-known URL |\n| **Crawler** | [`aeo-crawler`](https://github.com/mizcausevic-dev/aeo-crawler) — BFS over AEO graphs, JSON Lines output, configurable depth + concurrency |\n| **Validator service** | [`aeo-validator-service`](https://github.com/mizcausevic-dev/aeo-validator-service) — **always-on HTTP validator** for AEO + all 11 Suite docs. Auto-detects the spec via `*_version` sniffing, hashes canonically, tracks **drift** across re-checks (`POST /watches/{id}/recheck` returns a structured `DriftReport`). |\n| **Graph explorer** | [`aeo-graph-explorer-rs`](https://github.com/mizcausevic-dev/aeo-graph-explorer-rs) — **Rust + axum + petgraph** graph-query service over `aeo-crawler` JSONL output. 
Ingests atomically; exposes `/nodes` · `/neighbors` · `/shortest-path` · `/find-by-claim`. **The fifth layer of the AEO Reference Stack — 3→5 layers gap closed.** |\n\n#### Spec-ecosystem primitive\n\n[`hash-attestation-rs`](https://github.com/mizcausevic-dev/hash-attestation-rs) — **sign + verify Suite docs** with ed25519 over the same canonical-hash convention every other Suite repo uses. The missing \"this AEO actually came from the vendor\" layer. Vendors sign, publish a well-known public key URL, consumers verify. Composes with `aeo-validator-service` (tamper events surface as structured issues) and `procurement-decision-api` (Decision Cards can carry a signature).\n\n### 📈 AEO / GEO Infrastructure\n\nThe spec is only one layer. The newer control-plane layer covers citation readiness, publication safety, visibility monitoring, and release posture:\n\n| Repo | What it does |\n|---|---|\n| [`aeo-citation-gap-finder`](https://github.com/mizcausevic-dev/aeo-citation-gap-finder) | Detects weakly sourced, stale, or unsupported claims before they leak into answer-engine surfaces |\n| [`llms-txt-governance-hub`](https://github.com/mizcausevic-dev/llms-txt-governance-hub) | Governs `llms.txt` manifests, exclusions, freshness windows, and release approvals |\n| [`geo-competitive-visibility-tracker`](https://github.com/mizcausevic-dev/geo-competitive-visibility-tracker) | Tracks answer-surface share, citation pressure, and competitor query ownership |\n| [`aeo-registry`](https://github.com/mizcausevic-dev/aeo-registry) | Governed inventory of manifests, claim readiness, freshness pressure, and publisher posture |\n| [`aeo-linter`](https://github.com/mizcausevic-dev/aeo-linter) | Rust CLI for manifest hygiene, source freshness, claim coverage, and answer-surface readiness |\n\n### 🔌 MCP Integration\n\n| Repo | What it does |\n|---|---|\n| [`mcp-aeo-server`](https://github.com/mizcausevic-dev/mcp-aeo-server) | AEO-only MCP server — 4 tools, one Claude Desktop config entry 
|\n| [`mcp-kinetic-gain`](https://github.com/mizcausevic-dev/mcp-kinetic-gain) | **Unified MCP server** — **63 tools across 11 specs** (v0.7.1, git-tagged), one Claude Desktop config entry, 126 tests passing. Headline tools: `aup_check_compliance` joins an AUP + Student AI Disclosure into a single allow/deny call; `decision_card_validate` enforces the full procurement Decision Card conditional ruleset. |\n| [`mcp-reliability-toolkit`](https://github.com/mizcausevic-dev/mcp-reliability-toolkit) | **Reliability MCP server** — 4 tools (`compute_slo_burn`, `design_rate_limiter`, `design_circuit_breaker`, `compose_reliability_pattern`). Same math as `slo-budget-tracker`; emits drop-in Python + Rust configs from a Claude conversation. |\n| [`mcp-decision-intelligence`](https://github.com/mizcausevic-dev/mcp-decision-intelligence) | **Decision Intelligence MCP server** — 4 tools (`validate_decision_card`, `preview_policy_bundle`, `plan_incident_remediation`, `check_contract_compatibility`). Read-only preview of what `procurement-decision-api` + `policy-as-code-engine` + `incident-correlation-rs` + `data-contract-registry` would do — deterministic, no LLM-in-the-loop reasoning. |\n| [`mcp-permission-broker`](https://github.com/mizcausevic-dev/mcp-permission-broker) | **Runtime permission gate** — the enforcement point between an AI Procurement Decision Card and an MCP tool call. Composes Decision Card conditions into PolicyBundles, applies deny-trumps-allow at request time, emits `tool_invocation_*` events to the audit-stream spine. 
The piece that turns \"buyer signed off\" into \"this tool call is denied.\" |\n| [`azure-openai-governance-bridge`](https://github.com/mizcausevic-dev/azure-openai-governance-bridge) | **The Azure-native sibling of the broker.** An Azure Function in front of Azure OpenAI that enforces the same deny-trumps-allow PolicyBundle contract on every chat-completion call (deployment + each declared tool), forwards allowed calls, 403/409s denied ones, emits `tool_invocation_*` to audit-stream-py. Bicep IaC included. Puts the Suite's governance on the data path enterprises actually run AI on. |\n\n### 🖼️ Visualizers + galleries\n\n| Live | Repo | What it does |\n|---|---|---|\n| [`aeo.kineticgain.com`](https://aeo.kineticgain.com) | [`aeo-visualizer`](https://github.com/mizcausevic-dev/aeo-visualizer) | Dedicated AEO Protocol web visualizer |\n| [`kinetic-gain-visualizer`](https://mizcausevic-dev.github.io/kinetic-gain-visualizer/) | [`kinetic-gain-visualizer`](https://github.com/mizcausevic-dev/kinetic-gain-visualizer) | **Unified visualizer** — auto-detects the spec from the top-level `*_version` field and renders the appropriate view. 
**Eleven specs auto-detected**; five views: Visualize / Editor / Architecture / Tools / About |\n| [`examples.kineticgain.com`](https://examples.kineticgain.com) | [`kinetic-gain-examples-gallery`](https://github.com/mizcausevic-dev/kinetic-gain-examples-gallery) | **Examples gallery** — sidebar of 11 specs, click any to see its canonical example rendered with JSON syntax highlighting |\n| [`walker.kineticgain.com`](https://walker.kineticgain.com) | [`well-known-walker-web`](https://github.com/mizcausevic-dev/well-known-walker-web) | **well-known-walker** — paste any domain, see every Kinetic Gain disclosure document it publishes |\n| [`bench.kineticgain.com`](https://bench.kineticgain.com) | [`prompt-injection-bench-web`](https://github.com/mizcausevic-dev/prompt-injection-bench-web) | **prompt-injection-bench** visual harness |\n\nThe unified visualizer + unified MCP server give the Suite a complete read-side (human) and tool-side (agent) entry point. **Eleven specs, two front doors, and a growing operator subdomain network.**\n\n### 📦 Client libraries\n\n| Repo | What it does |\n|---|---|\n| [`well-known-probe-js`](https://github.com/mizcausevic-dev/well-known-probe-js) | **Zero-dependency vanilla JavaScript** probe for all eleven Suite documents at any domain's `/.well-known/` paths. Runs in browser + Node 18+ + Deno + Bun. Returns a 0-100 disclosure score + tier + per-spec found/missing. Discriminator-aware (a 200 of the wrong JSON shape doesn't count). The shared core of the Vendor AI Disclosure Inspector. |\n| [`kineticgain-vendor-inspector`](https://github.com/mizcausevic-dev/kineticgain-vendor-inspector) | **Browser extension (MV3) + Greasemonkey userscript** that score what AI governance documents any vendor publishes at `/.well-known/`, right from the toolbar (extension) or as an on-page corner badge (userscript). One shared probe core, two distribution surfaces, a build step that keeps both in sync. 
The client half of the distribution lane — Procurement Pulse runs the same probe server-side. |\n\n### 🛡️ Testing companion\n\n| Repo | What it does |\n|---|---|\n| [`prompt-injection-bench`](https://github.com/mizcausevic-dev/prompt-injection-bench) | **30-attack prompt-injection corpus + Python harness.** Every record back-references the Agent Card `refusal_taxonomy[].category` it tests, so a vendor can mechanically verify declared refusals hold under attack. Failed runs feed AI Incident Cards. Not a 10th spec — the *testing-counterpart* to the disclosure layer. |\n\n---\n\n## 🛡️ Platform Reliability Stack\n\nReliability primitives. Each independent. All designed to compose:\n\n| Repo | Lang | Surface | Buyer |\n|---|---|---|---|\n| [`rate-limit-shield`](https://github.com/mizcausevic-dev/rate-limit-shield) | Python | Token bucket + circuit breaker + jittered retry, HTTP 429 / Retry-After awareness | **SRE** |\n| [`identity-mesh`](https://github.com/mizcausevic-dev/identity-mesh) | Python | SPIFFE-style JWT-SVID broker — short-lived tokens, audience binding, zero long-lived keys | **CISO** |\n| [`agent-canary`](https://github.com/mizcausevic-dev/agent-canary) | Python | Progressive rollout, shadow mode, sticky-percent routing, auto-rollback | **Platform / SRE** |\n| [`model-registry-pro`](https://github.com/mizcausevic-dev/model-registry-pro) | Python | Model lifecycle catalog: lineage, stage promotion, approval gates | **Platform / MLOps** |\n| [`slo-budget-tracker`](https://github.com/mizcausevic-dev/slo-budget-tracker) | Python | SLO + error-budget library, FastAPI middleware, Prometheus exporter, multi-window burn-rate alerts | **SRE** |\n| [`reliability-toolkit-rs`](https://github.com/mizcausevic-dev/reliability-toolkit-rs) | **Rust** | Async Tokio primitives: token-bucket rate limiter · 3-state circuit breaker · exponential-backoff retry with jitter · bulkhead | **SRE / Platform** |\n| [`feature-flag-rs`](https://github.com/mizcausevic-dev/feature-flag-rs) 
| **Rust** | Server-side feature flag eval — targeting rules, sticky percentage rollouts (SHA-256 bucketing, no RNG), hot reload | **Platform / SRE** |\n| [`request-shadow-rs`](https://github.com/mizcausevic-dev/request-shadow-rs) | **Rust** | Async request mirroring with sampling + divergence detection — fires both legs concurrently, returns the primary while collecting a structured diff. The SRE primitive for safe migrations | **SRE / Platform** |\n| [`audit-stream-py`](https://github.com/mizcausevic-dev/audit-stream-py) | Python | **Append-only governance event stream** for the whole portfolio. Hash-chained for tamper-evidence, SSE for live tailing, REST for queries. Every other portfolio repo is a producer. **Platform Reliability Stack #10 — the 10+ target is hit.** | **SRE / Compliance** |\n\nIdentity at the edge → rate limits at the model → canary at deploy → registry as source of truth → SLO budget at the API surface → Rust primitives for hot paths → feature flags for rollout control → shadow traffic for migrations → tamper-evident audit log. **Defense-in-depth for the agent era.**\n\n---\n\n## 🌐 Polyglot Platform Stack\n\nProduction-shaped backend services in the right language for the problem. **15+ languages across one coherent platform.**\n\n| Language | Repo | What it does |\n|---|---|---|\n| **Go** | [`edge-policy-enforcer`](https://github.com/mizcausevic-dev/edge-policy-enforcer) | Edge request governance, bot handling, redirect control |\n| **G","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmizcausevic-dev%2Fmizcausevic-dev","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmizcausevic-dev%2Fmizcausevic-dev","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmizcausevic-dev%2Fmizcausevic-dev/lists"}