Engineering · Platform Architecture · B2B SaaS Technologist Boston, MA · ~30 years across IBM, CyberArk, Alteryx, Digital.ai, Gryphon.ai

I build the systems that sit between traffic, revenue, and the teams that operate them. Platform engineering, GTM systems, traffic integrity, digital intelligence, AI governance. Publicly: 396 repos, 60+ live properties, and 15+ production-style operator surfaces. I also author open specifications for the answer-engine era — and a fifteen-repo implementation stack that consumes them (Suite × Implementations). Polyglot by choice: the language fits the problem, not the resume.

"Long-lived credentials are tomorrow's incident reports. Build short-lived. Audit always. Document once."

• Recruiters: platform engineer / systems architect shipping across GTM, cloud, identity, AI governance, and operator tooling.
• CISOs / CTOs: buyer-safe control planes, evidence routing, policy enforcement, and synthetic-data workflow surfaces for regulated and enterprise operations.
• Developers: start with docs.kineticgain.com, suite.kineticgain.com, and portfolio.kineticgain.com.
• Founders / investors: monetization ladder already in motion across open source, templates, hosted operator surfaces, and embedded implementation work.
• Fastest proof: portfolio.kineticgain.com for the live atlas, suite.kineticgain.com for the protocol layer, docs.kineticgain.com for guided entry points.

Publication note: many of the repos below were published in a concentrated May 2026 portfolio sprint. The dates reflect public packaging, CI, screenshots, and repo hardening, not the first moment the ideas or workstreams existed.

The current public wave now spans revenue systems, traffic integrity, web-platform reliability, regulated workflow operations, a polyglot language atlas, and multi-cloud identity & platform governance:

• GTM Systems & Growth — demand-gen automation, CRM routing, lifecycle control, offer motion
• Traffic Integrity — bot mitigation, click-fraud reduction, clean analytics inputs
• Digital Intelligence — attribution, telemetry, SEO governance, pipeline clarity
• Platform Engineering — headless CMS, DevOps, core web vitals, resilient delivery
• Regulated Workflow Systems — approval routing, obligation graphs, consent evidence, audit posture
• Operational Command Surfaces — bookings, creator launches, menu sync, store incidents, permits, crop compliance
• Language Atlas — real operator surfaces in Flutter, Julia, Python, Rust, Go, PHP, Kotlin, and more where the language fits the system shape
• Cloud Identity, Platform, FinOps & Threat Detection — operator surfaces for Microsoft (Entra access reviews, Intune device compliance, M365 Purview retention), AWS (IAM Access Analyzer + GuardDuty triage), GCP (IAM policy drift + billing-anomaly routing), and Azure (landing-zone drift). Each is a synthetic-data operator console at production hardness — AGPL-3.0-or-later, dual-Node CI, dependabot, 95%+ coverage, deployed on its own kineticgain.com subdomain.

Early anchors in that lane:

• revops-lead-router — control plane for lead enrichment, CRM routing, speed-to-lead posture, and queue integrity

• fraud-click-filter · cf-bot-shield-tf · honeypot-form-validator · anomaly-log-hunter — traffic-integrity layer for blocking fraudulent sessions before they burn ad spend or poison analytics

• dbt-multi-touch-attr · gtm-datalayer-standards · seo-vital-monitor · pipeline-velocity-dash — digital-intelligence layer for attribution, signal clarity, and route-level performance posture

• offer-ladder-engine — offer-path and conversion-state control for pricing and package motion

• edge-redirect-manager · headless-wp-vue-starter — web-platform layer for headless CMS delivery, route migration, preview-safe rendering, and SEO-conscious frontend architecture

• regulatory-comment-intelligence-hub · contract-clause-obligation-graph · prior-authorization-evidence-router · patient-consent-audit-stream — regulated workflow layer for approvals, obligation mapping, evidence routing, and synthetic audit posture

• creator-partnership-deal-desk · booking-disruption-command-center · menu-availability-sync-engine · store-ops-incident-board — launch and operations layer for creator programs, hospitality disruption handling, menu sync, and store incident response

• flutter-operator-console · capacity-optimizer-jl · regulatory-reporting-mart — language-atlas proof that the portfolio ships real operator systems in Flutter/Dart, Julia, and Python, not just one web stack

• Multi-cloud identity, platform, FinOps & threat-detection lane — eight operator consoles all at v1.0-prod, all running on their own kineticgain.com subdomain:

  • entra-access-review-control-plane → entra.kineticgain.com — Microsoft Entra access reviews & privileged role drift
  • intune-device-compliance-ops → intune.kineticgain.com — Intune device compliance & jailbreak / OS-drift posture
  • m365-retention-case-orchestrator → retention.kineticgain.com — Microsoft 365 Purview retention & eDiscovery
  • aws-iam-access-analyzer-console → aws.kineticgain.com — AWS IAM Access Analyzer & cross-account trust
  • aws-guardduty-triage-board → guardduty.kineticgain.com — AWS GuardDuty detector posture, threat-finding triage & incident response
  • gcp-iam-policy-diff-lab → gcp.kineticgain.com — GCP IAM policy drift & org-policy posture
  • gcp-billing-anomaly-router → billing.kineticgain.com — GCP billing-anomaly routing, budget breaches & FinOps escalation
  • azure-landing-zone-drift-radar → zone.kineticgain.com — Azure landing-zone baseline drift & guardrail risk

• Horizontal composition tools for the Suite-as-parallel-structure thesis — four pieces that make the eight 6-packs demonstrably composable at runtime, structurally comparable as buyer reference, dashboard-observable as Suite-wide posture, and discoverable at the suite hub:

  • kg-suite-vertical-router — npm package + GitHub Action that auto-detects + routes ANY Suite artifact (Decision Card vault contract / Incident Card / Evidence Bundle manifest / audit-stream event / state-tracker event) to the right vertical-specific verification logic. One CLI command (kg-suite-route artifact.json) routes any artifact across any of the 6 verticals. Enforces 4 cross-cutting invariants: human-in-loop, FCRA permissible-purpose, NYC LL 144 candidate-notice, Incident-Card regulator-referral-evaluation structure.
  • kg-suite-vertical-comparator — generates AEO-friendly Markdown + JSON tables surfacing SAME canonical shapes vs DIFFERENT per-vertical design contributions across all 36 sibling spec repos. Pre-generated canonical CROSS-VERTICAL-COMPARISON.md covers the 6 × 6 matrix + 5 cross-cutting invariant tables. Plus per-artifact kg-suite-compare a b CLI. Reuse on procurement comparison sheets, RFPs, vendor due-diligence packages.
  • kg-suite-fleet-dashboard — single-file static HTML operator dashboard showing Suite-wide posture: hero count badges (6 verticals · 6 shapes · 36 repos · 5 invariants), per-vertical posture cards, cross-vertical posture-by-shape table, cross-cutting invariant compliance matrix, and CLI cards for router + comparator. Dark-themed, no framework, no build step, strict CSP. Live at mizcausevic-dev.github.io/kg-suite-fleet-dashboard/.
  • Eight dark-themed vertical mini-landings on suite.kineticgain.com/verticals/ — one buyer-facing page per vertical 6-pack with federal-floor regulatory anchor, canonical example, key design innovation, and all 6 sibling repos as cards.

• HealthTech + EdTech + PropTech + InsurTech + HR Tech + FinTech + GovTech + LegalTech 6-packs — forty-eight sibling specs / profiles / labs that fan out the Suite's regulated-vertical coverage across eight verticals as parallel structures. Each vertical's six repos mirror the same six shapes (Decision Card vault profile · Incident Card profile · Evidence Bundle profile for compliance · Evidence Bundle profile for bias · Operator audit-stream schema · Operator regulatory-lifecycle tracker), so a buyer's tooling that processes one vertical's artifacts works on the other seven. All v0.1 draft, all MIT (spec-side licensing), all kinetic-gain-protocol-suite topic-tagged, all composing with each other via linked_records so a single deployment's evidence reads as one graph.

  HealthTech 6-pack (FDA + HIPAA + Section 1557 + IMDRF):

  • fhir-resource-access-audit — append-only ledger of which AI tool read which patient FHIR resource (HL7 FHIR AuditEvent → Suite audit-stream)
  • fda-samd-classification-board — hash-chained record + reference verifier for an AI/ML medical device's FDA SaMD classification lifecycle (510(k) / De Novo / PMA + PCCP per FDA Dec 2024 final)
  • hipaa-readiness-evidence-bundle — evidence-bundle-spec profile scoped to HIPAA Security Rule's 18 Administrative / Physical / Technical standards
  • clinical-bias-cohort-coverage-lab — pre-market + post-deployment bias coverage profile (OMB SPD 15 + Section 1557 + Fitzpatrick + equity metrics)
  • medical-adverse-event-incident-card — AI Incident Card profile mapping to FDA MedWatch + EU MDR vigilance + IMDRF AE Terminology + CTCAE-aligned severity
  • phi-vault-contract-profile — AI Procurement Decision Card v0.3 vault contract profile naming HIPAA's 18 Safe Harbor identifier categories

  EdTech 6-pack (FERPA + COPPA + IDEA / Section 504 + ESSA + 50 state student-data-privacy regimes):

  • student-data-access-audit-stream — append-only ledger of which AI tool read which student record under what FERPA exception or COPPA consent basis. CEDS + Ed-Fi semantics → Suite audit-stream
  • state-ai-disclosure-state-tracker — hash-chained per-state lifecycle record for the 50 state student-data-privacy + state-AI-policy regimes (IL SOPPA, CA AB 1584 + AB 2876, TX HB 18 / SCOPE, NY ED Law 2-d, VA ChAIPA, etc.). Per-state state machine + verifier
  • ferpa-readiness-evidence-bundle — evidence-bundle-spec profile scoped to FERPA's 8 obligation families (annual notification, school-official exception, directory information, consent, records of disclosure, amendment, breach response, vendor procurement controls)
  • student-cohort-bias-coverage-lab — bias coverage profile scoped to ESSA accountability subgroups (race per OMB SPD 15, EL, IDEA/504, migrant, gender per Title IX) + EdTech additional dimensions (Fitzpatrick analog: EL WIDA proficiency, foster, homeless, primary home language)
  • ai-student-record-incident-card-profile — AI Incident Card profile mapping severity/type fields to FERPA + COPPA + IDEA + Section 504 + Title VI/IX/504 civil rights + per-state breach-notification taxonomies, plus a CTCAE-analog instructional-impact severity scale
  • pii-student-vault-contract-profile — AI Procurement Decision Card v0.3 vault contract profile naming FERPA's 7 §99.3 PII categories AND COPPA's 10 §312.2 PI categories (2025 refresh) AND a four-doctrine consent_basis_taxonomy

  PropTech 6-pack (RESPA + ECOA Reg B + Fair Housing Act + HMDA + GLBA Safeguards + CFPB UDAAP + 50 state real-estate-AI regimes):

  • mortgage-decision-record-audit-stream — per-mortgage-application AI-tool-access events, hash-chained for ECOA Reg B 12 CFR 1002.12 + GLBA + HMDA + CFPB UDAAP recordkeeping. MISMO + Fannie Mae URLA semantics → Suite audit-stream. human_underwriter_required invariant blocks autonomous adverse-action issuance
  • state-real-estate-ai-disclosure-tracker — per-state lifecycle ledger of US state real-estate / mortgage / appraisal / tenant-screening AI-disclosure laws. State machine + verifier. Seed: CA SB 942, CO SB 24-205, IL HB 3773, NY S 1169, TX HB 1709 (TRAIGA)
  • respa-readiness-evidence-bundle — evidence-bundle-spec profile scoped to mortgage / real-estate AI compliance readiness across 10 obligation families (RESPA, ECOA Reg B, TILA-RESPA TRID, Fair Housing, HMDA, GLBA Safeguards, CFPB UDAAP, ALTA Best Practices, NAR 2024 Settlement, state real-estate AI laws)
  • mortgage-applicant-bias-coverage-lab — pre-deployment + ongoing-monitoring bias coverage profile for AI mortgage / appraisal / pricing tools. ECOA Reg B 9 protected classes + Fair Housing Act 7 classes + mortgage dimensions (LTV/DTI bands, MSA, census tract, majority-minority-tract flag). EEOC four-fifths-rule canonical disparate-impact threshold
  • title-chain-evidence-incident-card-profile — AI Incident Card profile mapping severity / type fields to CFPB UDAAP + ECOA + Fair Housing + RESPA Section 8 + title-chain integrity event taxonomies
  • mls-data-access-vault-contract-profile — AI Procurement Decision Card v0.3 vault contract profile naming RESPA + ECOA + Fair Housing + MLS + GLBA data categories AND a 7-doctrine consent_basis_taxonomy

  InsurTech 6-pack (NAIC AI Model Bulletin Nov 2023 + state DOI adoptions + NY DFS Circular Letter 7 + CO SB 21-169 + CA DOI Bulletin 2022-5 + FCRA + GLBA + ACORD):

  • insurance-decision-record-audit-stream — per-application / claim / pricing AI-tool-access events, hash-chained. Covers underwriting + claims + pricing under one schema with kind enum branching. ACORD-bridged. human_adjudicator_required invariant scoped to adverse-action-capable kinds + recommendations
  • state-insurance-ai-disclosure-tracker — per-state lifecycle ledger of US state DOI AI bulletins / circular letters / regulations / statutes. 9-state lifecycle + 6-vehicle taxonomy. Seed: CT (first NAIC adoption), NY DFS CL 7, CO 3 CCR 702-10 (CO SB 21-169 implementation), CA Bulletin 2022-5, WA TAA 2024-04
  • naic-ai-bulletin-readiness-evidence-bundle — evidence-bundle-spec profile scoped to NAIC AI Model Bulletin (Nov 2023) readiness across 6 obligation families (governance · risk-management · third-party-ai · testing-validation · consumer-protection · state-doi-examination-readiness). NY DFS CL 7 + CO 3 CCR 702-10 overlays
  • insurance-applicant-bias-coverage-lab — pre-deployment + ongoing-monitoring bias coverage profile. CO SB 21-169 + NAIC §3 + NY DFS CL 7 + EEOC four-fifths-rule + the insurance-unique actuarial-soundness-defended coverage status (recognizes apparent gaps that are actuarially justified)
  • unfair-discrimination-incident-card-profile — AI Incident Card profile for insurance unfair-discrimination / biased decisioning / NAIC governance gaps / ECDIS defects / FCRA-dispute patterns / state DOI exam findings. 10 event types + 4-tier severity + 6 regulator-referral pathways with evaluation-state tracking
  • policyholder-data-vault-contract-profile — AI Procurement Decision Card v0.3 vault contract profile naming 15 insurance-data categories (ACORD-family + external consumer data + media + protected-class data) + 7-doctrine consent_basis + 9 protection levels + 5 vendor due-diligence artifacts. Protected-class data default: tokenized AND NOT a model input

  HR Tech 6-pack (EEOC AI Guidance May 2023 + Title VII + ADA + ADEA + GINA + OFCCP + NYC Local Law 144 + IL 820 ILCS 42 Video Interview Act + MD HB 1202 Facial Recognition + CO SB 24-205):

  • employment-decision-record-audit-stream — per-hiring / promotion / performance / termination AI-tool-access events, hash-chained. 14-kind event taxonomy. Workday/UKG/Greenhouse-bridged. Two distinct invariants: human-hiring-decision-required + NYC LL 144 candidate-notice-provided (the only Suite audit-stream with two orthogonal invariants because LL 144 imposes a candidate-notice obligation independent of human-in-loop)
  • state-employment-ai-disclosure-tracker — per-jurisdiction lifecycle ledger of US state + local employment-AI laws. First Suite tracker supporting sub-state jurisdictions (US-XX-CITY pattern, because NYC LL 144 is THE headline). Seed: NYC LL 144, IL 820 ILCS 42 + HB 3773, MD HB 1202, CA AB 331 (withdrawn), CO SB 24-205
  • eeoc-readiness-evidence-bundle — evidence-bundle-spec profile scoped to EEOC AI Guidance (May 2023) readiness across 6 obligation families (title-vii-disparate-impact · ada-accommodation · adea-age-fairness · gina-genetic-info-prohibition · eeoc-recordkeeping · ofccp-federal-contractor)
  • employment-candidate-bias-coverage-lab — pre-deployment + ongoing-monitoring bias coverage profile. NYC LL 144 annual-bias-audit + UGESP four-fifths-rule + UGESP §1607.5(D) 2-SD practical-significance test + Bostock SO/GI expansion + the HR-Tech-unique accommodation-pathway-impairment coverage status
  • employment-ai-incident-card-profile — AI Incident Card profile for employment-AI consumer-harm events. 13 event types + 4-tier severity + 7 regulator-referral pathways (EEOC + state civil-rights agency + NYC DCWP + OFCCP + DOJ + ADA-Rehab-503 + state AG) with evaluation-state tracking
  • candidate-data-vault-contract-profile — AI Procurement Decision Card v0.3 vault contract profile naming 19 candidate-data categories + 7-doctrine consent_basis + 9 protection levels + 5-flag ADA accommodation pathway block + 7 vendor due-diligence artifacts. 6 categories default tokenized-and-not-as-model-input-by-default (biometric features, credit-check, social-media-scrape, protected-class self-ID, accommodation request, ADA medical doc)

  FinTech 6-pack (CFPB AI bulletin 2023 + CFPB Section 1071 + CFPB Section 1033 + CFPB UDAAP + OCC/FRB/FDIC joint AI statement 2023 + OCC Bulletin 2011-12 + FRB SR 11-7 + ECOA Reg B + FCRA Reg V + GLBA Safeguards + BSA/AML + SEC/FINRA. Distinct from PropTech mortgage):

  • financial-decision-record-audit-stream — per-consumer-credit / deposit / payment / fraud / AML / robo-advisor / Section-1071-small-business AI-tool-access events, hash-chained. 15-kind event taxonomy across 19 product lines. Two orthogonal invariants: human-credit-officer-required AND FCRA permissible-purpose required (every credit-bureau pull must cite FCRA §604)
  • state-financial-ai-disclosure-tracker — per-state lifecycle ledger of US state banking-regulator regulations + state-AG enforcement + state statutes. First Suite tracker supporting multi-regulation per state (CA CCFPL statute + CA DFPI 10 CCR 1060-1077 implementation as parallel lifecycle streams). Seed: NY Part 500 + 2nd Amendment, CA CCFPL + DFPI 10 CCR, CO SB 24-205, IL HB 3773, TX HB 1709
  • cfpb-readiness-evidence-bundle — evidence-bundle-spec profile across 8 obligation families (model-risk-management · ECOA Reg B · FCRA Reg V · GLBA Safeguards · BSA/AML · Section 1071 small business · Section 1033 financial data rights · CFPB UDAAP). ECOA-specific P760D (25-month) recordkeeping freshness floor
  • financial-applicant-bias-coverage-lab — pre-deployment + ongoing-monitoring bias coverage profile. ECOA Reg B 9 protected classes + Section 1071 minority/women/LGBTQI-owned business status + FinTech-specific dimensions (credit-score band, channel online vs in-branch, thin-file vs thick-file). Adds business-necessity-defended AND redlining-pattern-flagged coverage statuses
  • financial-ai-incident-card-profile — AI Incident Card profile for FinTech AI consumer-harm events. 15 event types + 4-tier severity + 9 regulator-referral pathways including primary-federal-supervisor-notification (routes to OCC / FRB / FDIC / NCUA per institution type) + fincen-sar-narrative-update + cfpb-fair-lending-referral
  • financial-customer-data-vault-contract-profile — AI Procurement Decision Card v0.3 vault contract profile naming 17 financial-data categories + 10-doctrine consent_basis + 10 protection levels + 8 vendor due-diligence artifacts. Section 1071 demographic + ECOA-protected-class default tokenized-and-not-as-model-input-by-default. Section 1033 data-portability window in retention envelope

  GovTech 6-pack (OMB M-24-10 + AI Bill of Rights + Section 508 + Privacy Act + FOIA + NIST AI RMF + EO 14110 [rescinded] / EO 14179 + FedRAMP + state government AI laws — covers government's OWN AI use, distinct from prior 6 verticals which cover government-as-regulator):

  • government-decision-record-audit-stream — per-federal / state / local AI decision-record events, hash-chained. 16-kind event taxonomy across benefit determination + federal contracting + FOIA + tax admin + law enforcement + chatbot + regulatory permit. First Suite audit stream with THREE orthogonal invariants: human-agency-officer + Federal AI Use Case Inventory + classification-clearance (E.O. 13526 / 32 CFR Part 2002 CUI ordered enforcement)
  • state-government-ai-disclosure-tracker — per-jurisdiction lifecycle ledger of US federal EOs + OMB memos + state government AI laws + local AI ordinances. Includes rescinded lifecycle state (executive orders + memos uniquely susceptible). Seed: OMB M-24-10 effective, EO 14110 rescinded by EO 14179, CT Public Act 23-16, NYC AI Mayoral Action Plan
  • omb-m24-10-readiness-evidence-bundle — evidence-bundle-spec profile across 8 obligation families covering OMB M-24-10 governance + Federal AI Use Case Inventory + rights-impacting + safety-impacting minimum practices + OMB M-24-18 procurement + Section 508 accessibility + Privacy Act / FOIA + NIST AI RMF
  • government-applicant-bias-coverage-lab — pre-deployment + ongoing-monitoring bias coverage profile. OMB M-24-10 §5(d) + Title VI + ADA Title II + Section 1557 + OFCCP-equivalent + EEOC four-fifths-rule. Adds GovTech-unique Title VI LEP dimension + accessibility-pathway-impairment + agency-civil-rights-finding-pending coverage statuses
  • government-ai-incident-card-profile — AI Incident Card profile for federal / state / local government AI consumer-harm events. 18 event types — most extensive of any vertical Incident Card because government AI has the widest event-type surface area (multiple internal regulators + multiple external regulators + congressional oversight + state AG overlay + Federal AI Use Case Inventory inaccuracy as distinct event). 10 regulator-referral pathways including the GovTech-unique federal-ai-use-case-inventory-correction
  • citizen-data-vault-contract-profile — AI Procurement Decision Card v0.3 vault contract profile naming 15 government-data categories. 10 protection levels including GovTech-unique clearance-gated (REQUIRES matching agent_clearance_level) + tokenized-with-foia-exemption-tagging + tokenized-with-language-code-cleartext (Title VI LEP routing). REQUIRED ai_use_case_inventory_block — the OMB M-24-10 §3(a) inventory-publication requirement encoded directly into the Decision Card (no other vertical has this)

  LegalTech 6-pack (ABA Model Rules 1.1c8 + 1.6 + 1.6(c) + 1.7 + 1.9 + 3.3 + 5.3 + 5.5 + attorney-client privilege + work-product doctrine + state bar opinions (CA / NY-COSAC / FL / DC / PA / TX / IL) + Mata v. Avianca-era federal court standing orders — covers attorneys' OWN AI use ethics, distinct from prior 7 verticals):

  • matter-decision-record-audit-stream — per-matter privileged decision events, hash-chained. 14-kind event taxonomy. FIRST Suite audit stream where resource.privilege_tier is REQUIRED on every event — 8-value taxonomy (privileged · work-product · joint-defense · common-interest · public-record · pre-litigation-investigative-privilege · tribunal-disclosure-required · opposing-party-quarantine). Three invariants: privilege-tier consistency + engagement-letter binding (ABA 1.7/1.9) + citation-validation-before-production-ready (anti-Mata-v-Avianca)
  • state-bar-ai-disclosure-tracker — jurisdiction-spanning lifecycle tracker. 9 jurisdictions seeded (ABA + 7 state bars + SDNY Mata v. Avianca sanction). Same bar_jurisdiction field accepts both state bar (US-CA-BAR) and federal court (SDNY) identifiers
  • aba-rule-1-6-readiness-evidence-bundle — evidence-bundle-spec profile. 8 obligation families × 35 required evidence kinds. Treats attorney-client privilege + work-product doctrine as TWO separate families (waiver mechanics differ from confidentiality)
  • legal-applicant-bias-coverage-lab — bias coverage for legal AI (jury selection, sentencing, immigration triage, public defender caseload, eDiscovery TAR). Three LegalTech-unique subgroups (indigent_defendant_status / immigration_status / criminal_history_band) + compas-cautionary-pattern-detected + batson-pattern-detected coverage statuses + supervising-attorney review REQUIRED on four trigger categories (lab gates, doesn't just measure)
  • legal-ai-incident-card-profile — 18 event types incl Mata-v-Avianca court-sanctioned-hallucination. 6-code privilege_waiver_risk_taxonomy (Fed. R. Evid. 502(d) clawback as distinct rung — no other vertical Incident Card has this). ed25519 signature REQUIRED (LegalTech tightens this; sibling verticals leave it optional). Criminal-defense Sixth-Amendment effective-assistance disclosure as a first-class referral pathway
  • attorney-client-data-vault-contract-profile — design centerpiece. 18 attorney-client-data categories × 8 privilege tiers (same enum as the audit-stream — typed cross-repo binding). 4 LegalTech-unique runtime invariants: cross-matter-firewall + privilege-marker stamping + opposing-party-quarantine enforcement + no-training-data-use vendor contract clause REQUIRED. Two LegalTech-unique protection levels: tokenized-and-not-as-model-input-by-default-cross-matter + privilege-marker-required-on-every-disclosure

• Polyglot Operator Reporting lane — three new operator surfaces in three different runtimes, each picked because the language fits the problem (mobile briefings → Flutter, scientific optimization → Julia, warehouse-style mart → Python). All v1.0-prod, all subdomain-deployed:

  • flutter-operator-console → flutter.kineticgain.com — Flutter web operator console: signal triage, briefings, dispatch posture
  • capacity-optimizer-jl → capacity.kineticgain.com — Julia + JuMP capacity planning, constraint optimization, scenario diffs
  • regulatory-reporting-mart → reporting.kineticgain.com — Python warehouse-style mart: docket readiness, evidence packets, deadline pressure, late-risk

Current public GitHub count: 459 repos (LegalTech 6-pack pushes the count past 459). Operator-surface hardening backlog (squad doctrine v1.1): 49 .kineticgain.com subdomains now at v1.0-prod, every Codex-shipped v0.1 caught up — zero gaps remaining at the cutoff. The full grouped index is at kineticgain.com/constellation. Constellation security posture: 30 / 30 buyer-facing surfaces at A/90 on the kg-header-audit rubric — HSTS preload-ready, CSP locked, fonts self-hosted, COEP require-corp enabled.

Three sibling repos enforce a buyer's AI Procurement Decision Card → PolicyBundle at request time, one per upstream surface — the v2 strategy's IBM-credibility flagship lane. Same primitive (deny-trumps-allow eval, x-kg-correlation-id propagation, audit-stream emission), three platforms:

• ibm-watsonx-governance-bridge → watsonx.kineticgain.com — IBM watsonx.ai (Python · IBM Cloud IAM · Code Engine deploy manifest · v1.0-prod)
• azure-openai-governance-bridge — Azure OpenAI (Python · Azure Functions v2 · Bicep IaC)
• mcp-permission-broker — Model Context Protocol transport (the MCP-side sibling)

Same buyer-published AI Procurement Decision Card (now at v0.3), a different enforcement axis: instead of gating requests, this family gates field-level PII at the seam. The Decision Card declares data_vault_targets[] (v0.2 — who can read) and retention_envelope[] (v0.3 — how long the data lives and how deletion is signed). Four sibling surfaces consume one contract:

• ai-procurement-decision-spec — the JSON Schema (v0.2 adds data_vault_targets, v0.3 adds retention_envelope with per-field TTL + ed25519-signed deletion-proof endpoints)
• kg-skyyflow-klaviyo-bridge — Node lib + CLI · audit · tokenize · detokenize · transform (webhook → Klaviyo) · per-field protection levels (none / masked / tokenized) · v0.2.0 · AGPL-3.0
• skyyflow-klaviyo-bridge-console — React + Vite operator console for the bridge engine: dashboard · live webhook simulator with a 3-stage animated pipeline · field mapper · sync log stream
• rag-sentinel — tokenize-before-index for RAG pipelines (server-side enforcement of the same contract)
• deal-desk-workspace — RBAC-aware reveal for the deal-desk surface (client-side enforcement of the same contract)

One Decision Card, four enforcement points. Same SkyyflowVault interface across server-side (rag-sentinel), client-side (deal-desk-workspace, console), pipeline-side (bridge lib), and CLI.

Fourteen new public repos now sit underneath the portfolio as a reusable developer toolkit layer:

• MCP governance — mcp-registry-risk-scanner · mcp-tool-card-generator · mcp-tools-diff
• GenAI observability — agent-trace-normalizer · llm-cost-span-exporter · rag-evidence-trace-linker
• K8s control planes — governance-disclosure-operator · llm-cost-budget-operator · scheduled-audit-operator
• Agent-runtime adapters — agent-tool-adapters · agent-card-runtime-adapters
• Knowledge graph + evidence — rag-evidence-graph · wellknown-index-aggregator

These are not customer-facing protocol specs. They are the implementation toolkit underneath the protocol layer: manifest scanning, disclosure generation, tool drift detection, runtime adapters, evidence integrity, cost spans, and Kubernetes-native governance publishing.

The next ~10 operator-surface repos are organized as three sub-verticals × four-tier monetization ladder, with SEO and security posture as first-class concerns on every repo. Each lane lands on a real enterprise platform; each repo carries the credible "from someone who lived in this stack" hook — IBM enterprise integration · CyberArk identity · Alteryx analytics.

Three sub-verticals:

Four-tier monetization ladder per repo (honest tier wording):

Tier-4 runtime SDK shipped (2026-05-30): kinetic-gain-embedded v0.1 — drop-in TypeScript SDK (Apache-2.0, zero runtime deps, dual ESM/CJS) for B2B SaaS embedders. Emits hash-chained audit events, enforces Decision Card vault contracts before AI tools touch sensitive data, signs with ed25519. 42 tests across 4 suites; CI matrix on Node 20+22. The runtime side of the Suite; hosted tiers stack on top.

Default for a tier-1-only repo: list tiers 1 + 2-planned only. No SaaS-looking promises without an OAuth + billing + tenant + support motion behind them.

Cross-cutting (every repo, no exceptions):

• SEO — dark slate/blue theme · descriptive dofollow anchors · /.well-known/ Suite docs · hub-and-spoke interlinking · GH topics + homepage set · sitemap entry
• Security — read-only by default · minimal OAuth scopes · no tenant credentials in repo · synthetic fixtures only · evidence packets signed (ed25519 once pulse-signing.json ships)
• Compliance language (broad) — across HIPAA · FERPA · SOC 2 · GDPR · ISO 27001 · accessibility (WCAG/ADA) · AI governance (NIST AI RMF, EU AI Act, ISO 42001): always frame as readiness · evidence · posture · controls · scaffolding. Never "certified" / "compliant" unless truly audited and currently attested. No "BAA" / "DPA" / "PHI" / "PII" / "audit ready" promises without legal review.
• Anti-overlap discipline — before opening any new repo, document core primitive · target buyer · target platform · monetization tier path · nearest existing repo · why distinct. Blocks the "same surface, different wrapper" drift.
• Pulse universe entry — every deploy adds its CNAME to the AI Procurement Pulse universe, additively · async if possible · non-fatal on failure. Pulse-entry never blocks a publish.

Phase 0 anchors (founder-credibility-ordered):

1. ibm-watsonx-governance-bridge — founder-credibility flagship. IBM is the most credible "lived in this stack" hook in the portfolio; watsonx Governance is the cleanest disclosure-shaped target.
2. genesys-cx-disclosure-board — enterprise workflow/CX flagship. Warmest CISO/VP-CX buyer + highest tier-4 KGE fit.
3. klaviyo-flow-consent-audit — Growth Ops flagship. Cleanest CMO/RevOps narrative; consent-state lineage is a timely angle.

Three anchors prove the four-tier ladder in three distinct buyer contexts before the remaining 7 fill out at tier-1 + tier-2-planned. FirstUp deferred to second-tier priority — good fit, weaker instant recognition than IBM/Genesys/Camunda/UKG/Klaviyo/VWO.

The portfolio runs on two parallel layers that compose:

1. A growing network of productized open-source properties live at kineticgain.com subdomains — front doors, per-spec landings, operator dashboards, vertical command surfaces, vendor directory, and prompt-injection bench. All push-to-deploy via GitHub Actions FTP CI/CD. Front door: suite.kineticgain.com · Quickstart hub: docs.kineticgain.com · Live portfolio constellation across every public repo: portfolio.kineticgain.com.
2. Fifteen-repo Suite Implementation Stack — the software that consumes the Kinetic Gain Protocol Suite specs. Decision Intelligence engines · Platform Reliability primitives · MCP servers · data-contract enforcement · ed25519 attestation · drift detection · streaming validators. All CI-green, all semver-tagged at v0.1.0, all MIT-licensed. Four cross-ecosystem hooks chain them into one composable system. The catalog: Suite × Implementations. The compliance mapping: NIST AI RMF crosswalk (v0.2 includes the implementation-tooling alignment).

flowchart TB
    classDef spec fill:#10b981,stroke:#065f46,color:#fff,stroke-width:2px
    classDef hook fill:#3b82f6,stroke:#1e40af,color:#fff,stroke-width:2px
    classDef sup fill:#f3f4f6,stroke:#6b7280,color:#1f2937
    classDef stream fill:#f59e0b,stroke:#92400e,color:#fff
    classDef mcp fill:#a855f7,stroke:#581c87,color:#fff,stroke-width:2px

    SPECS["📐 11 Kinetic Gain Protocol Suite specs<br/>AEO · Agent · Tool · Tutor · AUP · Disclosure<br/>Evidence · Provenance · Clinical · Incident · Decision"]:::spec

    SPECS -->|"#1 ingest Suite docs"| PDA["procurement-decision-api<br/>drafts Decision Cards"]:::hook
    PDA -->|"#2 conditions → runtime gates"| PAC["policy-as-code-engine<br/>PolicyBundle enforcement"]:::hook
    PDA -->|"#3 extract owners"| DCR["data-contract-registry<br/>schema + SLAs"]:::hook
    DCR -->|"#4 streaming CSV check"| CDQ["csv-data-quality-rs<br/>row-by-row validation"]:::hook

    SPECS -.->|sign + verify| HA["hash-attestation-rs<br/>ed25519 over canonical hash"]:::sup
    SPECS -.->|drift detection| AVS["aeo-validator-service<br/>always-on validation"]:::sup
    AVS -.->|JSONL feed| AGE["aeo-graph-explorer-rs<br/>graph-query layer #5"]:::sup
    SPECS -.->|incident → plan| ICR["incident-correlation-rs<br/>Suite-graph BFS"]:::sup
    ICR -.->|drives| PAC

    PDA --> AS
    PAC --> AS
    DCR --> AS
    AVS --> AS
    ICR --> AS
    HA --> AS
    AS["📋 audit-stream-py<br/>hash-chained tamper-evident spine"]:::stream

    SPECS ==>|spec tools| MCP
    PDA ==>|preview tools| MCP
    AS ==>|event tools| MCP
    HA ==>|verify tools| MCP
    MCP["🤖 mcp-kinetic-gain v0.7.1<br/>63 tools · one Claude Desktop config entry"]:::mcp

Green = spec layer (the foundation). Blue = the four cross-ecosystem hooks that make it a stack rather than a pile. Grey = supporting implementation tools that feed into either side. Amber = the tamper-evident audit spine every governance moment writes to. Purple = the unified MCP surface that exposes the whole thing to Claude through one config entry.

Zoom in on the amber spine: every governance moment in the stack writes to one hash-chained, tamper-evident log via audit-stream-py. Same opt-in env-var contract (AUDIT_STREAM_URL) across all seven producers; same best-effort semantics (a failed POST is logged, never raised). 17 event kinds, seven producers, four FastAPI services + three Rust crates, all feeding one verifiable narrative an auditor can replay end-to-end.

flowchart LR
    classDef pyprod fill:#3b82f6,stroke:#1e40af,color:#fff,stroke-width:2px
    classDef rsprod fill:#dea584,stroke:#92400e,color:#1f2937,stroke-width:2px
    classDef spine fill:#f59e0b,stroke:#92400e,color:#fff,stroke-width:3px
    classDef sink fill:#f3f4f6,stroke:#6b7280,color:#1f2937

    PDA["procurement-decision-api<br/>Python · FastAPI"]:::pyprod
    AVS["aeo-validator-service<br/>Python · FastAPI"]:::pyprod
    PCE["policy-as-code-engine<br/>Python · FastAPI"]:::pyprod
    DCR["data-contract-registry<br/>Python · FastAPI"]:::pyprod
    HA["hash-attestation<br/>Rust · crypto library"]:::rsprod
    ICR["incident-correlation<br/>Rust · graph library"]:::rsprod
    AGE["aeo-graph-explorer<br/>Rust · axum service"]:::rsprod

    PDA -->|"decision_card_drafted"| AS
    AVS -->|"watch_created<br/>watch_drifted<br/>watch_validity_flipped"| AS
    PCE -->|"policy_bundle_registered<br/>request_allowed<br/>request_denied"| AS
    DCR -->|"contract_promoted<br/>contract_deprecated<br/>contract_compatibility_failed"| AS
    HA -->|"attestation_signed<br/>attestation_verified<br/>attestation_failed"| AS
    ICR -->|"incident_correlated<br/>incident_correlation_failed"| AS
    AGE -->|"graph_ingested<br/>graph_ingest_failed"| AS

    AS{{"📋 audit-stream-py<br/>hash-chained · tamper-evident<br/>SSE live tail · REST query · GET /verify"}}:::spine

    AS -->|GET /events/stream| LT["governance dashboards<br/>(live tail)"]:::sink
    AS -->|GET /events| Q["compliance evidence<br/>(REST query)"]:::sink
    AS -->|GET /verify| V["auditor replay<br/>(walk the chain)"]:::sink

Blue = Python FastAPI producers. Tan = Rust producers (two libraries gated behind --features audit-stream so library consumers can strip out the HTTP dep, one axum service with the feature on by default). Amber = the spine itself. Grey = the three downstream surfaces auditors and operators consume.

Across the live property network: mix of AGPL-3.0 and Apache-2.0, CI green, push-to-deploy via FTP Action. The current mix includes React + TypeScript operator apps, hand-written static HTML landings, and newer vertical command surfaces.

Fifteen standalone vertical operator surfaces, each a TypeScript control plane for a regulated/operations workflow — intake → risk & obligation mapping → posture → safe escalation. Codex ships at v0.1-shipped; I (Platform/SRE) harden each to v1.0-prod: CI on Node 20 + 22, ≥60% service-test coverage, AGPL-3.0, Dependabot, npm audit, SECURITY.md, static prerender → GitHub Pages. All live, all CI-green.

HealthTech surfaces (priorauth, consent) are HIPAA-readiness scaffolding only — synthetic data, no PHI; see each repo's SECURITY.md.

Seventeen Action wrappers that turn every Kinetic Gain protocol library into a per-PR governance gate. Composite Node 20 actions with dist/index.js committed for SHA/tag pinning, hermetic tests with injected gitShow, AGPL-3.0-or-later, Dependabot-managed.

Each one retrieves the previous version of a single governance doc via git show <base.sha>:<path>, diffs against HEAD, posts the structured diff as a PR comment, and fails the build on breaking changes.

Each one summarizes a single doc against the rest of a fleet (a directory of peer docs of the same protocol), surfacing the outliers and posting a structured PR summary.

agent-card-fleet-summary-action · mcp-tool-card-fleet-summary-action · prompt-provenance-fleet-summary-action · evidence-bundle-fleet-summary-action · otel-genai-fleet-summary-action

The wiring that ties the per-protocol quintets together across mixed-content repos:

Composition story: kg-protocol-detect-action identifies what protocols live in the repo → the matching per-protocol *-diff-action gates breaking changes → the matching *-fleet-summary-action surfaces outliers across the fleet → kg-suite-conformance-runner-action checks spec conformance → kg-suite-canonicalize-action enforces stable serialization → procurement-pulse-action self-scores the deployed /.well-known/ surface. End-to-end PR governance with zero hand-rolled glue.

Dogfooded on kineticgain.com itself. Weekly procurement-pulse-action run probes the apex and refreshes the badge + the public receipt at kineticgain.com/.well-known/pulse-receipt.json.

A different discipline from the governance suite: a studio-grade, offline-first notepad at sveska.studio. No account, no telemetry, no cloud dependency — every note lives in the browser's IndexedDB and the app works with the network unplugged.

Repo: mizcausevic-dev/sveska · v0.8.0 · MIT

A family of eleven open JSON specifications for the answer-engine and agent era — five core (AEO, Prompt Provenance, Agent Cards, AI Evidence Format, MCP Tool Cards), a three-spec EdTech trio (vendor / district / student), a HealthTech vertical extension (Clinical AI Disclosure — HIPAA / FDA / SaMD posture), a cross-cutting AI Incident Card that ties everything together post-hoc, and an AI Procurement Decision Card that signs off on a vendor's posture across the rest of the Suite. Two regulated verticals covered. NIST AI RMF crosswalk shipped alongside. All AGPL-3.0, all v0.1 draft, all kinetic-gain-protocol-suite tagged. Single landing: kinetic-gain-protocol-suite.

The canonical depth example — every layer needed to consume the spec, across five languages:

hash-attestation-rs — sign + verify Suite docs with ed25519 over the same canonical-hash convention every other Suite repo uses. The missing "this AEO actually came from the vendor" layer. Vendors sign, publish a well-known public key URL, consumers verify. Composes with aeo-validator-service (tamper events surface as structured issues) and procurement-decision-api (Decision Cards can carry a signature).

The spec is only one layer. The newer control-plane layer covers citation readiness, publication safety, visibility monitoring, and release posture:

The unified visualizer + unified MCP server give the Suite a complete read-side (human) and tool-side (agent) entry point. Eleven specs, two front doors, and a growing operator subdomain network.

Reliability primitives. Each independent. All designed to compose:

Identity at the edge → rate limits at the model → canary at deploy → registry as source of truth → SLO budget at the API surface → Rust primitives for hot paths → feature flags for rollout control → shadow traffic for migrations → tamper-evident audit log. Defense-in-depth for the agent era.

Production-shaped backend services in the right language for the problem. 15+ languages across one coherent platform.

Production-shaped governance and observability for AI / LLM workloads:

• mcp-sentinel — MCP server observability + security audit
• rag-sentinel — RAG quality / drift / hallucination signals
• agentobserve — Datadog-shaped operator surface for agent fleets
• agent-codex — governance-as-code: SOC 2 / EU AI Act / ISO 27001 / NIST mappings
• agent-eval-arena — eval harness with regression detection + CI gates
• agent-router — LLM router with provider-aware routing and breakers
• llm-redaction-gateway — PII + secret redaction for LLM API calls
• shadow-ai-detector — unauthorized LLM usage detection
• ai-finops-radar — token-level cost attribution + anomaly detection
• kinetic-flightdeck — unified AI Platform Engineering ops console

Executive dashboards, control planes, decision studios — organized by domain:

Executive & Portfolio executive-briefing-studio · portfolio-command-center · executive_operations_dashboard · scenario-planning-atlas

Revenue & Growth customer-intelligence-graph · growth-systems-control-room · revenue-forecasting-workbench · attribution-intelligence-studio · pricing-experiment-studio · conversion-funnel-intelligence-hub · deal-desk-workspace

AI Governance & Risk ai-governance-review-studio · model-risk-oversight-hub · vendor-risk-operations-center · compliance-workflow-hub · ai-operations-console

Identity & Security identity-command-center · identity-lifecycle-workbench · security-posture-control-room

Workflow & Operations workflow-orchestration-studio · feature-flag-rollout-studio · ab-testing-command-center · customer-journey-control-plane

Spec-first OpenAPI services:

Identity-Access-Audit-API · observability-incident-command-api · customer-health-churn-api · partner-lead-distribution-engine · content-workflow-intelligence-platform · experimentation_insights_kpi · seo-governance-platform · webhook-ingestion-pipeline · kinetic-api-gateway · revenue-ops-ai-assistant

The newer CMS lane is not brochure work. It is governance, preview trust, query discipline, cache freshness, schema safety, and contract protection for headless WordPress estates:

wordpress-block-seo-governance-auditor · wordpress-graphql-governance-gateway · headless-seo-fallback-engine · headless-preview-recovery-kit · wpgraphql-query-cost-inspector · frontend-contract-testing-for-wordpress · headless-editorial-command-center · headless-wp-vue-starter · wpgraphql-schema-diff-gate · wordpress-cache-invalidation-map · wordpress-preview-trust-monitor · wp-kinetic-gain-audit

This cluster now covers answer-surface safety, preview recovery, metadata fallback, query cost, frontend payload contracts, editorial release readiness, schema-drift approval gates, cache invalidation mapping, preview trust monitoring, and — via wp-kinetic-gain-audit — a tamper-evident MySQL hash-chained governance audit log that plugs WordPress straight into the Suite's audit-stream-py spine.

Commercially legible systems work across access review, evidence plumbing, connector testing, workflow infrastructure, and HR-to-identity provisioning:

cyberark-access-review-sync · cyberark-connector-observability-exporter · servicenow-cyberark-evidence-pipeline · ibm-custom-connector-starter · ukg-to-scim-provisioner · camunda-connector-test-harness

Open to Director / Principal-level Platform Engineering, Web Engineering, or AI Platform roles at enterprise B2B SaaS companies. East Coast time zone. Remote-friendly.

_{All active repositories · Career one-pager}

Connect: LinkedIn · Kinetic Gain · Medium · Skills